diff --git a/cves/2020/CVE-2020-9490.yaml b/cves/2020/CVE-2020-9490.yaml
new file mode 100644
index 0000000000..55db3a4cae
--- /dev/null
+++ b/cves/2020/CVE-2020-9490.yaml
@@ -0,0 +1,39 @@
+id: CVE-2020-9490
+
+info:
+  name: CVE-2020-9490 Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.
+  author: philippedelteil
+  severity: medium
+  description: Detects apache versions 2.4.43, 2.4.39, 2.4.38, 2.4.37, 2.4.35, 2.4.34, 2.4.33, 2.4.30, 2.4.29, 2.4.28, 2.4.27, 2.4.26, 2.4.25, 2.4.23, 2.4.20 that are POTENTIALLY vulnerable to CVE-2020-9490
+  tags: cve,cve2020,apache,dos
+  reference: |
+        - https://httpd.apache.org/security/vulnerabilities_24.html
+        - https://bugs.chromium.org/p/project-zero/issues/detail?id=2030
+        - https://bugs.chromium.org/p/project-zero/issues/attachmentText?aid=443369
+        - https://nvd.nist.gov/vuln/detail/CVE-2020-9490
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers:
+      - type: word
+        words:
+          - "Apache/2.4.20"
+          - "Apache/2.4.23"
+          - "Apache/2.4.25"
+          - "Apache/2.4.26"
+          - "Apache/2.4.27"
+          - "Apache/2.4.28"
+          - "Apache/2.4.29"
+          - "Apache/2.4.30"
+          - "Apache/2.4.33"
+          - "Apache/2.4.34"
+          - "Apache/2.4.35"
+          - "Apache/2.4.37"
+          - "Apache/2.4.38"
+          - "Apache/2.4.39"
+          - "Apache/2.4.43"
+        part: header
+        condition: or