Extended Lifecycle Support CVE dashboard by TuxСare

CVEs Releases Projects

CVE-2020-13950

Updated: 2022-05-25 08:52:25.681082

Description:

Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x MEDIUM 5
CVSS Version 3.x HIGH 7.5

Status

OS name Project name Version Status Errata Last updated
CentOS 8.4 ELS httpd 2.4.37 In testing 2022-06-28 07:17:07.114959
CentOS 8.5 ELS httpd 2.4.37 In testing 2022-06-28 07:17:07.02937
Ubuntu 16.04 ELS apache 2.4.18 Not vulnerable 2021-12-09 07:57:04.65477