Apache HTTP Server: mod_dav out of bounds read, or write of zero byte
CVE-2006-20001

7.5HIGH

Key Information:

Vendor
Apache
Status
Apache Http Server
Vendor
CVE Published:
17 January 2023

Badges

πŸ‘Ύ Exploit Exists

Summary

A vulnerability exists in the Apache HTTP Server that allows an attacker to exploit a specifically designed If: request header. This exploit can lead to a memory read or write operation involving a single zero byte, affecting heap memory locations and possibly resulting in server instability or crashes. This vulnerability impacts all versions of Apache HTTP Server prior to 2.4.54, making it crucial for users to apply the latest security updates.

Affected Version(s)

Apache HTTP Server 2.4 <= 2.4.54

References

https://httpd.apache.org/security/vulnerabilities_24.html
vendor-advisory
https://security.gentoo.org/glsa/202309-01

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database0 Proof of Concept(s)
.