{
  "threat_severity" : "Moderate",
  "public_date" : "2019-08-14T00:00:00Z",
  "bugzilla" : {
    "description" : "httpd: memory corruption on early pushes",
    "id" : "1743966",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1743966"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-400",
  "details" : [ "In Apache httpd 2.4.20 through 2.4.39 with HTTP/2 enabled, very early pushes (for example those configured with \"H2PushResource\") could overwrite memory in the pushing request's pool, leading to crashes. The data copied is the configured push link header values, not data supplied by the client, so the impact is a crash (denial of service) rather than attacker-controlled memory corruption, consistent with the availability-only CVSS vector.", "A vulnerability was found in Apache httpd's mod_http2 module. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing the server process to crash." ],
  "affected_release" : [ {
    "product_name" : "JBoss Core Services Apache HTTP Server 2.4.37 SP2",
    "release_date" : "2020-04-06T00:00:00Z",
    "advisory" : "RHSA-2020:1336",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1",
    "package" : "httpd"
  }, {
    "product_name" : "JBoss Core Services on RHEL 6",
    "release_date" : "2020-04-06T00:00:00Z",
    "advisory" : "RHSA-2020:1337",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el6",
    "package" : "jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6"
  }, {
    "product_name" : "JBoss Core Services on RHEL 6",
    "release_date" : "2020-04-06T00:00:00Z",
    "advisory" : "RHSA-2020:1337",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el6",
    "package" : "jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6"
  }, {
    "product_name" : "JBoss Core Services on RHEL 6",
    "release_date" : "2020-04-06T00:00:00Z",
    "advisory" : "RHSA-2020:1337",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el6",
    "package" : "jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6"
  }, {
    "product_name" : "JBoss Core Services on RHEL 6",
    "release_date" : "2020-04-06T00:00:00Z",
    "advisory" : "RHSA-2020:1337",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el6",
    "package" : "jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6"
  }, {
    "product_name" : "JBoss Core Services on RHEL 6",
    "release_date" : "2020-04-06T00:00:00Z",
    "advisory" : "RHSA-2020:1337",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el6",
    "package" : "jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6"
  }, {
    "product_name" : "JBoss Core Services on RHEL 6",
    "release_date" : "2020-04-06T00:00:00Z",
    "advisory" : "RHSA-2020:1337",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el6",
    "package" : "jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2020-04-06T00:00:00Z",
    "advisory" : "RHSA-2020:1337",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2020-04-06T00:00:00Z",
    "advisory" : "RHSA-2020:1337",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2020-04-06T00:00:00Z",
    "advisory" : "RHSA-2020:1337",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2020-04-06T00:00:00Z",
    "advisory" : "RHSA-2020:1337",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2020-04-06T00:00:00Z",
    "advisory" : "RHSA-2020:1337",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2020-04-06T00:00:00Z",
    "advisory" : "RHSA-2020:1337",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-11-04T00:00:00Z",
    "advisory" : "RHSA-2020:4751",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "httpd:2.4-8030020200818000036.30b713e6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "httpd",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "httpd",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "httpd",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Web Server 2",
    "fix_state" : "Out of support scope",
    "package_name" : "httpd",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:2"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Web Server 2",
    "fix_state" : "Out of support scope",
    "package_name" : "httpd22",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:2"
  }, {
    "product_name" : "Red Hat JBoss Web Server 3",
    "fix_state" : "Out of support scope",
    "package_name" : "httpd24",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:3"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Will not fix",
    "package_name" : "httpd24-httpd",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-10081\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10081\nhttps://httpd.apache.org/security/vulnerabilities_24.html" ],
  "name" : "CVE-2019-10081",
  "mitigation" : {
    "value" : "This flaw is only exploitable if Apache httpd is configured to respond to HTTP/2 requests, which is done by including \"h2\" or \"h2c\" in the \"Protocols\" list in a configuration file, and only where early pushes are configured (for example via \"H2PushResource\"). The following command searches for possibly vulnerable configurations (the pattern matches either \"h2\" or \"h2c\" as a whole word, and -i is used because httpd directive names are case-insensitive): \ngrep -Ri '^\\s*Protocols\\>.*\\<h2c\\?\\>' /etc/httpd/\nAdjust the path if the httpd configuration lives elsewhere (for example in a JBoss Core Services installation), and also review the matching files for push directives such as \"H2PushResource\". Until the fixed packages are applied, removing the early-push configuration, or removing \"h2\"/\"h2c\" from \"Protocols\", prevents the flaw from being triggered.\nSee https://httpd.apache.org/docs/2.4/mod/mod_http2.html",
    "lang" : "en:us"
  },
  "csaw" : false
}