Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the startSessionHandler function. An attacker can cause excessive memory consumption and crash the server by sending unauthenticated HTTP requests with a specially crafted nonce a...

CLSA-2021-1633601543 Fix of CVE: CVE-2020-35452

CVE-2020-35452: fix stack overflow in modauthdigest due to crafted digest nonce...

AZL-6475 CVE-2020-35452 affecting package httpd for versions less than 2.4.46-10

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in modauthdigest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make i...

PT-2020-6242 · Apache +9 · Apache Http Server +9

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.0 through 2.4.46 Description: The issue is caused by a stack overflow in the mod auth digest function of the Apache HTTP Server. This can be triggered by a specially crafted Digest nonce. Although there are no...