CVE-2006-20001

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2006-20001
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://httpd.apache.org/security/vulnerabilities_24.html Release Notes Vendor Advisory
https://security.gentoo.org/glsa/202309-01
https://httpd.apache.org/security/vulnerabilities_24.html Release Notes Vendor Advisory
https://security.gentoo.org/glsa/202309-01
https://security.netapp.com/advisory/ntap-20230316-0005/
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
History

13 Feb 2025, 17:15

Type Values Removed Values Added
Summary (en) A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. (en) A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier.

21 Nov 2024, 00:10

Type Values Removed Values Added
Summary
  • (es) Un encabezado de solicitud If cuidadosamente manipulado puede provocar una lectura o escritura de memoria de un único byte cero en una ubicación de memoria del grupo (heap) más allá del valor del encabezado enviado. Esto podría provocar que el proceso se bloquee. Este problema afecta al servidor Apache HTTP 2.4.54 y versiones anteriores.
References
  • () https://security.netapp.com/advisory/ntap-20230316-0005/ -
References () https://httpd.apache.org/security/vulnerabilities_24.html - Release Notes, Vendor Advisory () https://httpd.apache.org/security/vulnerabilities_24.html - Release Notes, Vendor Advisory
References () https://security.gentoo.org/glsa/202309-01 - () https://security.gentoo.org/glsa/202309-01 -

08 Sep 2023, 22:15

Type Values Removed Values Added
References
  • (MISC) https://security.gentoo.org/glsa/202309-01 -
Summary A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier.
Information

Published : 2023-01-17 20:15

Updated : 2025-02-13 17:15

NVD link : CVE-2006-20001

Mitre link : CVE-2006-20001

CVE.ORG link : CVE-2006-20001

JSON object : View

Products Affected

apache

  • http_server
CWE
CWE-787

Out-of-bounds Write