7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.006 Low
EPSS
Percentile
78.6%
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to
crash (NULL pointer dereference) with specially crafted requests using both
Content-Length and Transfer-Encoding headers, leading to a Denial of
Service
Author | Note |
---|---|
mdeslaur | need to check if bionic is vulnerable as it is older than 2.4.41 included in same backport commit as CVE-2019-17567 looks like it was introduced by: https://svn.apache.org/viewvc?view=revision&revision=1656259 |
www.openwall.com/lists/oss-security/2021/06/10/4
httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-13950
launchpad.net/bugs/cve/CVE-2020-13950
lists.apache.org/thread.html/rbe197409ae4a58b629fb792d1aed541ccbbf865121a80e1c5938d223@%3Cannounce.httpd.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2020-13950
security-tracker.debian.org/tracker/CVE-2020-13950
ubuntu.com/security/notices/USN-4994-1
www.cve.org/CVERecord?id=CVE-2020-13950
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.006 Low
EPSS
Percentile
78.6%