Vulnerability CVE-2006-20001: Information

Description

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2006-20001
Published: Jan. 17, 2023
Modified: Sept. 9, 2023
Error type identifier: CWE-787

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
apache2sisyphus2.4.55-alt12.4.59-alt1ALT-PU-2023-1165-1314494Fixed
apache2sisyphus_e2k2.4.55-alt12.4.59-alt1ALT-PU-2023-2412-1-Fixed
apache2sisyphus_riscv642.4.55-alt12.4.59-alt1ALT-PU-2023-2418-1-Fixed
apache2p102.4.55-alt12.4.59-alt1ALT-PU-2023-1189-1314495Fixed
apache2p10_e2k2.4.55-alt12.4.59-alt1ALT-PU-2023-2472-1-Fixed
apache2p92.4.55-alt12.4.58-alt1ALT-PU-2023-1260-1314497Fixed
apache2p9_e2k2.4.55-alt12.4.57-alt2ALT-PU-2023-2671-1-Fixed
apache2c10f12.4.55-alt12.4.59-alt1ALT-PU-2023-1189-1314495Fixed
apache2c9f22.4.55-alt12.4.59-alt1ALT-PU-2023-1380-1314496Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://httpd.apache.org/security/vulnerabilities_24.html
  • Release Notes
  • Vendor Advisory
https://security.gentoo.org/glsa/202309-01

      1. Configuration 1

        cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
        End excliding
        2.4.55
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.5.1
    Back to top