GoogleOSV:USN-5834-1

HistoryJan 31, 2023 - 1:13 p.m.

Vulners
/
Osv
/
apache2 vulnerabilities

apache2 vulnerabilities

2023-01-3113:13:51

Google

osv.dev

apache http server

mod_dav

mod_proxy_ajp

denial of service

http request smuggling

cve-2006-20001

cve-2022-36760

software

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.023

Percentile

90.0%

JSON

It was discovered that the Apache HTTP Server mod_dav module did not
properly handle specially crafted request headers. A remote attacker
could possibly use this issue to cause the process to crash, leading
to a denial of service. (CVE-2006-20001)

It was discovered that the Apache HTTP Server mod_proxy_ajp module did not
properly handle certain invalid Transfer-Encoding headers. A remote attacker
could possibly use this issue to perform an HTTP Request Smuggling attack.
(CVE-2022-36760)

References

ubuntu.com/security/CVE-2006-20001

ubuntu.com/security/CVE-2022-36760

ubuntu.com/security/notices/USN-5834-1

openvas 33

nessus 54

ubuntu 2

oraclelinux 2

fedora 2

rocky 2

osv 11

almalinux 2

altlinux 2

redos 1

amazon 2

redhat 6

freebsd 1

kaspersky 1

mageia 1

slackware 1

debian 2

cloudlinux 2

cve 2

f5 2

nvd 2

prion 2

cvelist 2

ibm 12

vulnrichment 1

redhatcve 2

veracode 2

ubuntucve 2

alpinelinux 2

cnvd 1

debiancve 2

gentoo 1

cbl_mariner 2

broadcom 1

photon 2

rosalinux 2

hp 1

qualysblog 1

ics 1

oracle 2

openvas

Ubuntu: Security Advisory (USN-5834-1)

2023-02-01 00:00:00

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-1596)

2023-04-13 00:00:00

SUSE: Security Advisory (SUSE-SU-2023:0183-1)

2023-01-30 00:00:00

nessus

Ubuntu 16.04 ESM : Apache HTTP Server vulnerabilities (USN-5834-1)

2023-01-31 00:00:00

Apache 2.4.x < 2.4.55 Multiple Vulnerabilities

2023-01-18 00:00:00

EulerOS 2.0 SP11 : httpd (EulerOS-SA-2023-1758)

2023-05-08 00:00:00

ubuntu

Apache HTTP Server vulnerabilities

2023-01-31 00:00:00

Apache HTTP Server vulnerabilities

2023-02-01 00:00:00

oraclelinux

httpd security and bug fix update

2023-02-28 00:00:00

httpd:2.4 security and bug fix update

2023-02-22 00:00:00

fedora

[SECURITY] Fedora 37 Update: httpd-2.4.55-1.fc37

2023-01-28 01:27:38

[SECURITY] Fedora 36 Update: httpd-2.4.55-1.fc36

2023-02-03 01:42:01

rocky

httpd security and bug fix update

2023-04-06 15:53:36

httpd:2.4 security and bug fix update

2023-02-22 01:08:53

osv

apache2 vulnerabilities

2023-02-01 13:09:22

Moderate: httpd:2.4 security and bug fix update

2023-02-22 01:08:53

Moderate: httpd security and bug fix update

2023-04-06 15:53:36

almalinux

Moderate: httpd security and bug fix update

2023-02-28 00:00:00

Moderate: httpd:2.4 security and bug fix update

2023-02-21 00:00:00

altlinux

Security fix for the ALT Linux 9 package apache2 version 1:2.4.55-alt1

2023-02-16 00:00:00

Security fix for the ALT Linux 10 package apache2 version 1:2.4.55-alt1

2023-02-07 00:00:00

redos

ROS-20240603-04

2024-06-03 00:00:00

amazon

Important: httpd

2023-02-17 00:10:00

Important: httpd24

2023-03-17 15:53:00

redhat

(RHSA-2023:0970) Moderate: httpd security and bug fix update

2023-02-28 07:53:34

(RHSA-2023:0852) Moderate: httpd:2.4 security and bug fix update

2023-02-21 08:48:58

(RHSA-2023:4629) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update

2023-08-15 17:35:29

freebsd

Apache httpd -- Multiple vulnerabilities

2023-01-17 00:00:00

kaspersky

KLA20167 Multiple vulnerabilities in Apache HTTP Server

2023-01-17 00:00:00

mageia

Updated apache packages fix security vulnerability

2023-02-07 03:06:39

slackware

[slackware-security] httpd

2023-01-18 06:23:09

debian

[SECURITY] [DLA 3351-1] apache2 security update

2023-03-03 16:35:17

[SECURITY] [DSA 5376-1] apache2 security update

2023-03-20 18:52:17

cloudlinux

httpd: Fix of CVE-2006-20001

2023-03-06 21:06:33

httpd: Fix of CVE-2022-36760

2023-01-30 20:52:19

cve

CVE-2006-20001

2023-01-17 20:15:11

CVE-2022-36760

2023-01-17 20:15:11

K000132525 : Apache vulnerability CVE-2006-20001

2023-02-14 00:00:00

K000132643 : Apache HTTP server vulnerability CVE-2022-36760

2023-02-22 00:00:00

nvd

CVE-2006-20001

2023-01-17 20:15:11

CVE-2022-36760

2023-01-17 20:15:11

prion

Design/Logic Flaw

2023-01-17 20:15:00

Design/Logic Flaw

2023-01-17 20:15:00

cvelist

CVE-2006-20001 Apache HTTP Server: mod_dav out of bounds read, or write of zero byte

2023-01-17 19:07:27

CVE-2022-36760 Apache HTTP Server: mod_proxy_ajp Possible request smuggling

2023-01-17 19:11:55

ibm

Security Bulletin: Vulnerability in Apache HTTP Server affect Cloud Pak System (CVE-2006-20001)

2023-03-31 16:41:42

Security Bulletin: Multiple security vulnerabilities has been identified in IBM HTTP Server shipped with IBM Rational ClearCase [CVE-2022-28331, CVE-2022-36760, CVE-2022-37436, CVE-2022-25147, CVE-2006-20001]

2023-03-03 06:30:57

Security Bulletin: IBM HTTP Server is vulnerable to multiple vulnerabilities due to the included Apache HTTP Server and Apache Portable Runtime

2023-02-28 01:58:47

vulnrichment

CVE-2006-20001 Apache HTTP Server: mod_dav out of bounds read, or write of zero byte

2023-01-17 19:07:27

redhatcve

CVE-2006-20001

2023-01-18 19:05:06

CVE-2022-36760

2023-01-18 19:05:48

veracode

Denial Of Service (DoS)

2023-01-20 06:55:49

HTTP Request Smuggling

2023-01-23 12:46:08

ubuntucve

CVE-2006-20001

2023-01-17 00:00:00

CVE-2022-36760

2023-01-17 00:00:00

alpinelinux

CVE-2006-20001

2023-01-17 20:15:11

CVE-2022-36760

2023-01-17 20:15:11

cnvd

Apache HTTP Server Buffer Overflow Vulnerability (CNVD-2023-80558)

2023-10-19 00:00:00

debiancve

CVE-2006-20001

2023-01-17 20:15:11

CVE-2022-36760

2023-01-17 20:15:11

gentoo

Apache HTTPD: Multiple Vulnerabilities

2023-09-08 00:00:00

cbl_mariner

CVE-2022-36760 affecting package httpd 2.4.54-1

2023-02-14 02:35:58

CVE-2022-36760 affecting package httpd for versions less than 2.4.55-1

2023-02-14 20:36:06

broadcom

CVE-2022-36760 - HTTP Request Smuggling

2023-05-02 00:00:00

photon

Critical Photon OS Security Update - PHSA-2023-3.0-0522

2023-01-31 00:00:00

Critical Photon OS Security Update - PHSA-2023-4.0-0325

2023-02-01 00:00:00

rosalinux

Advisory ROSA-SA-2023-2159

2023-04-25 11:49:15

Advisory ROSA-SA-2023-2161

2023-05-03 11:17:19

HP Device Manager Security Updates

2023-04-13 00:00:00

qualysblog

Oracle Patch Tuesday April 2023 Security Update Review

2023-04-19 11:47:21

ics

Siemens SCALANCE XCM-/XRM-300

2024-02-15 12:00:00

oracle

Oracle Critical Patch Update Advisory - July 2023

2023-07-18 00:00:00

Oracle Critical Patch Update Advisory - April 2023

2023-04-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.023

Percentile

90.0%

JSON

Related for OSV:USN-5834-1