oss-sec mailing list archives
CVE-2006-20001: Apache HTTP Server: mod_dav out of bounds read, or write of zero byte
From: Eric Covener <covener () apache org>
Date: Tue, 17 Jan 2023 19:06:20 +0000
Severity: moderate Description: A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. References: https://httpd.apache.org/security/vulnerabilities_24.html https://httpd.apache.org/ https://www.cve.org/CVERecord?id=CVE-2006-20001 Timeline: 2006-10-31: Described in first edition of "The Art of Software Security Assessment" 2022-08-10: Reported to security team
Current thread:
- CVE-2006-20001: Apache HTTP Server: mod_dav out of bounds read, or write of zero byte Eric Covener (Jan 17)