CVE-2020-13950

High

Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests…

apache·CWE-476·Published 2021-06-10

CVSS

7.5

EPSS

0.49

KEV

Exploits

cve.orgen

227 chars

Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service

NVDen

227 chars

NVDes

259 chars

Apache HTTP Server versiones 2.4.41 a 2.4.46 la función mod_proxy_http puede bloquearse (desviación del puntero NULL) con peticiones especialmente diseñadas que utilicen las encabezados Content-Length y Transfer-Encoding, provocando una denegación de servicio

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H