CVE-2006-20001

CWE-787: Out-of-bounds Write | 12 documents | 8 sources
Severity
7.5 HIGH
EPSS
0.4%
top 36.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 17
Latest update: Feb 1

Description

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (5 packages)

NVD: apache/http_server < 2.4.55
Alpine: apache2 < 2.4.55-r0 (+3)
Debian: apache2 < 2.4.56-1~deb11u1 (+3)
Ubuntu: apache2 < 2.4.29-1ubuntu4.26 (+3)

🔴Vulnerability Details

6
OSV
apache2 vulnerabilities (2023-02-01)
OSV
apache2 vulnerabilities (2023-01-31)
CVEList
Apache HTTP Server: mod_dav out of bounds read, or write of zero byte (2023-01-17)
GHSA
GHSA-p5j8-2qpf-wxr5: A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header val (2023-01-17)
OSV
CVE-2006-20001: A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header val (2023-01-17)

💥Exploits & PoCs

1
Exploit-DB
PHP Event Calendar 1.4/1.5 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities (2006-09-13)

📋Vendor Advisories

4
Ubuntu
Apache HTTP Server vulnerabilities (2023-02-01)
Ubuntu
Apache HTTP Server vulnerabilities (2023-01-31)
Red Hat
httpd: mod_dav: out-of-bounds read/write of zero byte (2023-01-17)
Debian
CVE-2006-20001: apache2 - A carefully crafted If: request header can cause a memory read, or write of a si... (2006)