CVE-2006-20001
Public on 2023-01-17
Modified on 2024-02-12
Description
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash.
This issue affects Apache HTTP Server 2.4.54 and earlier.
This issue affects Apache HTTP Server 2.4.54 and earlier.
Severity
Important
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | httpd | 2023-02-17 | ALAS2-2023-1938 | Fixed |
| Amazon Linux 2023 | httpd | 2023-03-06 | ALAS2023-2023-115 | Fixed |
| Amazon Linux 1 | httpd24 | 2023-03-17 | ALAS-2023-1711 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| NVD | CVSSv3 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |