CVE-2006-0042

5 documents5 sources

Severity

5.0MEDIUM

EPSS

7.1%

top 8.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Libapreq2 Debian Debian Linux

Timeline

PublishedFeb 18

Latest updateMay 1

Description

Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDapache/libapreq2< 2.07

▶Debianlibapreq2< 2.07-1+2

Also affects: Debian Linux 3.0, 3.1

Patches

Patch: secunia.com ↗Patch: secunia.com ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-67xr-x2j9-rc4g: Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2↗2022-05-01

▶

CVEList

CVE-2006-0042: Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2↗2006-02-18

▶

OSV

CVE-2006-0042: Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2↗2006-02-18

▶

📋Vendor Advisories

Debian

CVE-2006-0042: libapreq2 - Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlenco...↗2006

▶