[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2006-20001: Apache HTTP Server: mod_dav out of bounds read, or write of zero byt
From: Eric Covener <covener () apache ! org>
Date: 2023-01-17 19:06:20
Message-ID: 704eda51-7f85-fb5b-d6ab-0051f24b094d () apache ! org
[Download RAW message or body]
Severity: moderate
Description:
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, \
in a pool (heap) memory location beyond the header value sent. This could cause the process to \
crash.
This issue affects Apache HTTP Server 2.4.54 and earlier.
References:
https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/
https://www.cve.org/CVERecord?id=CVE-2006-20001
Timeline:
2006-10-31: Described in first edition of "The Art of Software Security Assessment"
2022-08-10: Reported to security team
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic