CVE-2020-13938

CWE-862Missing AuthorizationCWE-732Incorrect Permission Assignment6 documents6 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 78.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mcafee Epolicy OrchestratorApache Http ServerApache Software Foundation Apache Http Server
Timeline
PublishedJun 10
Latest updateMay 24

Description

Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

NVDapache/http_server2.4.02.4.46
Alpineapache2< 2.4.48-r0+13

🔴Vulnerability Details

3
GHSA
GHSA-qvx2-v283-5hp3: Apache HTTP Server versions 22022-05-24
OSV
CVE-2020-13938: Apache HTTP Server versions 22021-06-10
CVEList
Improper Handling of Insufficient Privileges2021-06-10

📋Vendor Advisories

2
Red Hat
httpd: Improper Handling of Insufficient Privileges2021-06-07
Debian
CVE-2020-13938: apache2 - Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop ht...2020