Date: Wed, 09 Jun 2021 23:11:00 +0200 From: Christophe JAILLET <jailletc36@...che.org> To: oss-security@...ts.openwall.com Subject: CVE-2020-13950: Apache httpd: mod_proxy_http NULL pointer dereference CVE-2020-13950: mod_proxy_http NULL pointer dereference Severity: low Vendor: The Apache Software Foundation Versions Affected: httpd 2.4.41 to 2.4.46 Description: Apache HTTP Server 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service Mitigation: None Credit: Reported by Marc Stern (<marc.stern approach.be>) References: https://httpd.apache.org/security/vulnerabilities_24.html
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.