Apache HTTP Server: mod_dav out of bounds read, or write of zero byte
CVE-2006-20001

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Http Server
Vendor: CVE Published:; 17 January 2023

Badges

👾 Exploit Exists

What is CVE-2006-20001?

A vulnerability exists in the Apache HTTP Server that allows an attacker to exploit a specifically designed If: request header. This exploit can lead to a memory read or write operation involving a single zero byte, affecting heap memory locations and possibly resulting in server instability or crashes. This vulnerability impacts all versions of Apache HTTP Server prior to 2.4.54, making it crucial for users to apply the latest security updates.

Affected Version(s)

Apache HTTP Server 2.4 <= 2.4.54

References

https://httpd.apache.org/security/vulnerabilities_24.html

vendor-advisory

https://security.gentoo.org/glsa/202309-01

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Feb 7, 2023
👾
Exploit known to exist
Feb 7, 2023
Vulnerability published
Jan 17, 2023
Vulnerability Reserved
Sep 1, 2022