CVE-2020-13950

July 17, 2021

Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service

Summary:

Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service

Reference Links(if available):

  • http://httpd.apache.org/security/vulnerabilities_24.html
  • https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E
  • https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E
  • https://lists.apache.org/thread.html/rbe197409ae4a58b629fb792d1aed541ccbbf865121a80e1c5938d223@%3Cannounce.httpd.apache.org%3E
  • http://www.openwall.com/lists/oss-security/2021/06/10/4

    • CVSS Score (if available)

    v2: / MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P

    v3: / HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    Links to Exploits(if available)

  • You may have missed

    news

    Advanced Email Attacks Target Manufacturing Sector: Rise of Phishing and BEC

    November 23, 2024
    news

    Ransomware Groups Driving 40% of Cyber-Attacks in 2024: Key Insights

    November 23, 2024
    news

    MITRE Reveals Top 25 Most Critical Software Flaws of 2024

    November 23, 2024
    news

    Microsoft Disrupts Phishing Operations by Seizing 240 Fraudulent Websites

    November 23, 2024
    news

    Black Friday Spam Emails: 77% Identified as Scams in 2024

    November 23, 2024