Posted to announce@apache.org by Eric Covener <co...@apache.org> on 2023/01/17 19:06:20 UTC

CVE-2006-20001: Apache HTTP Server: mod_dav out of bounds read, or write of zero byte

Severity: moderate

Description:

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash.

This issue affects Apache HTTP Server 2.4.54 and earlier.

References:

https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/
https://www.cve.org/CVERecord?id=CVE-2006-20001

Timeline:

2006-10-31: Described in first edition of "The Art of Software Security Assessment"
2022-08-10: Reported to security team
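
A triage check for the affected range stated above, as an added example that is not part of the original advisory or of Apache's code: it classifies a host from the text printed by `httpd -v` and `httpd -M`. The function names, verdict strings and sample output are constructed for illustration, and the binary may have a different name on some distributions.

```shell
#!/bin/sh
# Added example: triage a host for CVE-2006-20001 from `httpd -v` / `httpd -M` text.
# Affected range comes from the advisory: Apache HTTP Server 2.4.54 and earlier.
# Distribution packages may backport fixes without changing the version, so
# treat "exposed" as "check the vendor changelog", not as proof.

# Exit 0 if the banner version is <= 2.4.54, 1 if newer, 2 if unparseable.
is_affected_version() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's|.*Apache/\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*|\1 \2 \3|p' |
        head -n 1)
    [ -n "$ver" ] || return 2
    set -- $ver                       # $1=major $2=minor $3=patch
    [ "$1" -lt 2 ] && return 0
    [ "$1" -gt 2 ] && return 1
    [ "$2" -lt 4 ] && return 0
    [ "$2" -gt 4 ] && return 1
    [ "$3" -le 54 ]
}

# Exit 0 if mod_dav itself is loaded (dav_fs_module etc. do not count alone).
has_mod_dav() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*dav_module([[:space:]]|$)'
}

# Print one verdict: exposed | affected-no-dav | outside-range | unknown
triage() {
    rc=0
    is_affected_version "$1" || rc=$?
    case $rc in
        0) if has_mod_dav "$2"; then echo exposed; else echo affected-no-dav; fi ;;
        1) echo outside-range ;;
        *) echo unknown ;;
    esac
}

# Constructed sample output (not captured from a real server).
SAMPLE_BANNER='Server version: Apache/2.4.54 (Unix)'
SAMPLE_MODULES='Loaded Modules:
 core_module (static)
 dav_module (shared)
 dav_fs_module (shared)'

# On a live host: triage "$(httpd -v)" "$(httpd -M 2>/dev/null)"
triage "$SAMPLE_BANNER" "$SAMPLE_MODULES"
```
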