Apache HTTP/2 Buffer Overflow Vulnerability (CVE-2020-11984)
Aug 27, 2020 GMT+08:00
Apache has officially released a security notice, disclosing three security vulnerabilities (CVE-2020-9490, CVE-2020-11993, and CVE-2020-11984). The HTTP/2 buffer overflow vulnerability (CVE-2020-11984) is officially marked as critical. Attackers can exploit this vulnerability in the mod_proxy_uwsgi module of Apache to leak information or remotely execute code.
If you are an Apache HTTP/2 user, check your versions and implement timely security hardening.
For more information about this vulnerability, visit the following website:
(Severity: low, moderate, important, and critical)
III. Affected Products
Apache HTTP Server: 2.4.32-2.4.43
Apache HTTP Server: 2.4.44 or later
IV. Vulnerability Handling
This vulnerability has been fixed in the latest official releases. If your version falls into the affected range, upgrade it to a secure version.
Download link: https://httpd.apache.org/download.cgi
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.