Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Information
Published : 2021-06-10 00:15
Updated : 2021-12-01 13:31
NVD link : CVE-2020-13950
Mitre link : CVE-2020-13950
JSON object : View
CWE
CWE-476
NULL Pointer Dereference
Products Affected
oracle
- instantis_enterprisetrack
- zfs_storage_appliance_kit
- enterprise_manager_ops_center
apache
- http_server
fedoraproject
- fedora
debian
- debian_linux