Severity

Medium

Analysis Summary

Apache HTTP Server is vulnerable to a denial of service, caused by a flaw when the server tries to HTTP/2 PUSH a resource afterwards. By using a specially-crafted value for the “Cache-Digest” header, a remote attacker could exploit this vulnerability to cause the application to crash.

Impact

Denial of Service

Affected Vendors

Apache

Affected Products

Apache HTTP Server

Remediation

Upgrade to the latest version of Apache HTTP Server (2.4.44 or later).