Описание
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| apache2 | fixed | 2.4.48-1 | experimental | package |
| apache2 | fixed | 2.4.46-6 | package | |
| apache2 | not-affected | buster | package | |
| apache2 | not-affected | stretch | package |
Примечания
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-13950
Fixed by: https://svn.apache.org/r1678771
Introduced by: https://svn.apache.org/r1656259
EPSS
Связанные уязвимости
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
EPSS