CVE-2020-13950

Updated: 2024-11-24 03:31:39.886872

Description:

Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x MEDIUM 5
CVSS Version 3.x HIGH 7.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

CentOS 8.4 ELS httpd 2.4.37 7.5 HIGH Released CLSA-2022:1656958687 2022-07-04 14:43:46
CentOS 8.5 ELS httpd 2.4.37 7.5 HIGH Released CLSA-2022:1656958887 2022-07-04 14:43:46
Ubuntu 16.04 ELS apache2 2.4.18 7.5 HIGH Not Vulnerable 2021-12-09 07:57:04