CVE-2020-13950
Description
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
19.46
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-13950 are fixed in Apache 2.4.48 | Windows |
| Apache HTTP server (USN-4994-1) apache2_2.4.41-4ubuntu3.3_i386.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2_2.4.41-4ubuntu3.3_amd64.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2_2.4.46-1ubuntu1.2_i386.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2_2.4.46-1ubuntu1.2_amd64.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2_2.4.46-4ubuntu1.1_i386.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2_2.4.46-4ubuntu1.1_amd64.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2_2.4.29-1ubuntu4.16_i386.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2_2.4.29-1ubuntu4.16_amd64.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2-bin_2.4.41-4ubuntu3.3_i386.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2-bin_2.4.41-4ubuntu3.3_amd64.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2-bin_2.4.46-1ubuntu1.2_i386.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2-bin_2.4.46-1ubuntu1.2_amd64.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2-bin_2.4.46-4ubuntu1.1_i386.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2-bin_2.4.46-4ubuntu1.1_amd64.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2-bin_2.4.29-1ubuntu4.16_i386.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2-bin_2.4.29-1ubuntu4.16_amd64.deb | Linux |
| (RHSA-2022:5163) httpd:2.4 security update httpd-2.4.37-47.module+el8.6.0+15654+427eba2e.2.x86_64.rpm | Linux |
| (RHSA-2022:5163) httpd:2.4 security update httpd-debugsource-2.4.37-47.module+el8.6.0+15654+427eba2e.2.x86_64.rpm | Linux |
| (RHSA-2022:5163) httpd:2.4 security update httpd-devel-2.4.37-47.module+el8.6.0+15654+427eba2e.2.x86_64.rpm | Linux |
| (RHSA-2022:5163) httpd:2.4 security update httpd-filesystem-2.4.37-47.module+el8.6.0+15654+427eba2e.2.noarch.rpm | Linux |
| (RHSA-2022:5163) httpd:2.4 security update httpd-manual-2.4.37-47.module+el8.6.0+15654+427eba2e.2.noarch.rpm | Linux |
| (RHSA-2022:5163) httpd:2.4 security update httpd-tools-2.4.37-47.module+el8.6.0+15654+427eba2e.2.x86_64.rpm | Linux |
| (RHSA-2022:5163) httpd:2.4 security update mod_ldap-2.4.37-47.module+el8.6.0+15654+427eba2e.2.x86_64.rpm | Linux |
| (RHSA-2022:5163) httpd:2.4 security update mod_proxy_html-2.4.37-47.module+el8.6.0+15654+427eba2e.2.x86_64.rpm | Linux |
| (RHSA-2022:5163) httpd:2.4 security update mod_session-2.4.37-47.module+el8.6.0+15654+427eba2e.2.x86_64.rpm | Linux |
| (RHSA-2022:5163) httpd:2.4 security update mod_ssl-2.4.37-47.module+el8.6.0+15654+427eba2e.2.x86_64.rpm | Linux |
| Httpd update (ELSA-2022-5163) httpd-2.4.37-47.0.1.module+el8.6.0+20683+407db9f5.2.x86_64.rpm | Linux |
| Httpd-devel update (ELSA-2022-5163) httpd-devel-2.4.37-47.0.1.module+el8.6.0+20683+407db9f5.2.x86_64.rpm | Linux |
| Httpd-filesystem update (ELSA-2022-5163) httpd-filesystem-2.4.37-47.0.1.module+el8.6.0+20683+407db9f5.2.noarch.rpm | Linux |
| Httpd-manual update (ELSA-2022-5163) httpd-manual-2.4.37-47.0.1.module+el8.6.0+20683+407db9f5.2.noarch.rpm | Linux |
| Httpd-tools update (ELSA-2022-5163) httpd-tools-2.4.37-47.0.1.module+el8.6.0+20683+407db9f5.2.x86_64.rpm | Linux |
| Mod_http2 update (ELSA-2022-5163) mod_http2-1.15.7-5.module+el8.6.0+20548+01710940.x86_64.rpm | Linux |
| Mod_ldap update (ELSA-2022-5163) mod_ldap-2.4.37-47.0.1.module+el8.6.0+20683+407db9f5.2.x86_64.rpm | Linux |
| Mod_md update (ELSA-2022-5163) mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.x86_64.rpm | Linux |
| Mod_proxy_html update (ELSA-2022-5163) mod_proxy_html-2.4.37-47.0.1.module+el8.6.0+20683+407db9f5.2.x86_64.rpm | Linux |
| Mod_session update (ELSA-2022-5163) mod_session-2.4.37-47.0.1.module+el8.6.0+20683+407db9f5.2.x86_64.rpm | Linux |
| Mod_ssl update (ELSA-2022-5163) mod_ssl-2.4.37-47.0.1.module+el8.6.0+20683+407db9f5.2.x86_64.rpm | Linux |
| httpd:2.4 security update (RLSA-2022:5163) httpd-2.4.37-47.module+el8.6.0+985+b8ff6398.2.x86_64.rpm | Linux |
| httpd:2.4 security update (RLSA-2022:5163) mod_md-2.0.8-8.module+el8.5.0+695+1fa8055e.x86_64.rpm | Linux |
| httpd:2.4 security update (RLSA-2022:5163) mod_ssl-2.4.37-47.module+el8.6.0+985+b8ff6398.2.x86_64.rpm | Linux |
| httpd:2.4 security update (RLSA-2022:5163) mod_ldap-2.4.37-47.module+el8.6.0+985+b8ff6398.2.x86_64.rpm | Linux |
| httpd:2.4 security update (RLSA-2022:5163) mod_http2-1.15.7-5.module+el8.6.0+823+f143cee1.x86_64.rpm | Linux |
| httpd:2.4 security update (RLSA-2022:5163) httpd-devel-2.4.37-47.module+el8.6.0+985+b8ff6398.2.x86_64.rpm | Linux |
| httpd:2.4 security update (RLSA-2022:5163) httpd-tools-2.4.37-47.module+el8.6.0+985+b8ff6398.2.x86_64.rpm | Linux |
| httpd:2.4 security update (RLSA-2022:5163) mod_session-2.4.37-47.module+el8.6.0+985+b8ff6398.2.x86_64.rpm | Linux |
| httpd:2.4 security update (RLSA-2022:5163) httpd-manual-2.4.37-47.module+el8.6.0+985+b8ff6398.2.noarch.rpm | Linux |
| httpd:2.4 security update (RLSA-2022:5163) mod_proxy_html-2.4.37-47.module+el8.6.0+985+b8ff6398.2.x86_64.rpm | Linux |
| httpd:2.4 security update (RLSA-2022:5163) httpd-filesystem-2.4.37-47.module+el8.6.0+985+b8ff6398.2.noarch.rpm | Linux |
| httpd:2.4 security update (RLSA-2022:5163) mod_ssl-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64.rpm | Linux |
| httpd:2.4 security update (RLSA-2022:5163) mod_session-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64.rpm | Linux |
| httpd:2.4 security update (RLSA-2022:5163) mod_proxy_html-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64.rpm | Linux |
| httpd:2.4 security update (RLSA-2022:5163) mod_ldap-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64.rpm | Linux |
| httpd:2.4 security update (RLSA-2022:5163) httpd-tools-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64.rpm | Linux |
| httpd:2.4 security update (RLSA-2022:5163) httpd-manual-2.4.37-47.module+el8.6.0+823+f143cee1.1.noarch.rpm | Linux |
| httpd:2.4 security update (RLSA-2022:5163) httpd-filesystem-2.4.37-47.module+el8.6.0+823+f143cee1.1.noarch.rpm | Linux |
| httpd:2.4 security update (RLSA-2022:5163) httpd-devel-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64.rpm | Linux |
| httpd:2.4 security update (RLSA-2022:5163) httpd-2.4.37-47.module+el8.6.0+823+f143cee1.1.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234