Vulnerability Details : CVE-2006-20001
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash.
This issue affects Apache HTTP Server 2.4.54 and earlier.
Vulnerability category: Memory Corruption
Threat overview for CVE-2006-20001
Top countries where our scanners detected CVE-2006-20001
Top open port discovered on systems with this issue
80
IPs affected by CVE-2006-20001 5,257,009
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2006-20001!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2006-20001
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2006-20001
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
nvd@nist.gov |
CWE ids for CVE-2006-20001
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: security@apache.org (Primary)
References for CVE-2006-20001
-
https://httpd.apache.org/security/vulnerabilities_24.html
httpd 2.4 vulnerabilities - The Apache HTTP Server ProjectRelease Notes;Vendor Advisory
-
https://security.gentoo.org/glsa/202309-01
Apache HTTPD: Multiple Vulnerabilities (GLSA 202309-01) — Gentoo security
Products affected by CVE-2006-20001
- cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*