A flaw was found in the mod_dav module of httpd. A specially crafted “If:” request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service.

Mitigation

Disabling mod_dav and restarting httpd will mitigate this flaw.

References

bugzilla.redhat.com/show_bug.cgi?id=2161774

httpd.apache.org/security/vulnerabilities_24.html#CVE-2006-20001

nvd.nist.gov/vuln/detail/CVE-2006-20001

www.cve.org/CVERecord?id=CVE-2006-20001

f5 1

nvd 1

cloudlinux 1

cve 1

prion 1

veracode 1

cvelist 1

ibm 8

alpinelinux 1

ubuntucve 1

cnvd 1

debiancve 1

osv 9

openvas 32

ubuntu 2

nessus 47

redos 1

amazon 2

altlinux 2

redhat 4

fedora 2

oraclelinux 2

rocky 2

almalinux 2

freebsd 1

kaspersky 1

slackware 1

mageia 1

debian 2

gentoo 1

photon 2

rosalinux 1

hp 1

ics 1

oracle 1

K000132525 : Apache vulnerability CVE-2006-20001

2023-02-14 00:00:00

nvd

CVE-2006-20001

2023-01-17 20:15:11

cloudlinux

httpd: Fix of CVE-2006-20001

2023-03-06 21:06:33

cve

CVE-2006-20001

2023-01-17 20:15:11

prion

Design/Logic Flaw

2023-01-17 20:15:00

veracode

Denial Of Service (DoS)

2023-01-20 06:55:49

cvelist

CVE-2006-20001 Apache HTTP Server: mod_dav out of bounds read, or write of zero byte

2023-01-17 19:07:27

ibm

Security Bulletin: Vulnerability in Apache HTTP Server affect Cloud Pak System (CVE-2006-20001)

2023-03-31 16:41:42

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP response splitting and denial of service attacks (CVE-2022-37436, CVE-2006-20001)

2023-04-19 15:11:52

Security Bulletin: IBM HTTP Server is vulnerable to multiple vulnerabilities due to the included Apache HTTP Server and Apache Portable Runtime

2023-02-28 01:58:47

alpinelinux

CVE-2006-20001

2023-01-17 20:15:11

ubuntucve

CVE-2006-20001

2023-01-17 00:00:00

cnvd

Apache HTTP Server Buffer Overflow Vulnerability (CNVD-2023-80558)

2023-10-19 00:00:00

debiancve

CVE-2006-20001

2023-01-17 20:15:11

osv

CVE-2006-20001

2023-01-17 20:15:11

apache2 vulnerabilities

2023-01-31 13:13:51

Moderate: httpd security and bug fix update

2023-04-06 15:53:36

openvas

Ubuntu: Security Advisory (USN-5834-1)

2023-02-01 00:00:00

Fedora: Security Advisory for httpd (FEDORA-2023-6d4055d482)

2023-02-03 00:00:00

SUSE: Security Advisory (SUSE-SU-2023:0185-1)

2023-01-30 00:00:00

ubuntu

Apache HTTP Server vulnerabilities

2023-01-31 00:00:00

Apache HTTP Server vulnerabilities

2023-02-01 00:00:00

nessus

Ubuntu 16.04 ESM : Apache HTTP Server vulnerabilities (USN-5834-1)

2023-01-31 00:00:00

SUSE SLES12 Security Update : apache2 (SUSE-SU-2023:0185-1)

2023-01-28 00:00:00

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache HTTP Server vulnerabilities (USN-5839-1)

2023-02-01 00:00:00

redos

ROS-20240603-04

2024-06-03 00:00:00

amazon

Important: httpd

2023-02-17 00:10:00

Important: httpd24

2023-03-17 15:53:00

altlinux

Security fix for the ALT Linux 10 package apache2 version 1:2.4.55-alt1

2023-02-07 00:00:00

Security fix for the ALT Linux 9 package apache2 version 1:2.4.55-alt1

2023-02-16 00:00:00

redhat

(RHSA-2023:0970) Moderate: httpd security and bug fix update

2023-02-28 07:53:34

(RHSA-2023:0852) Moderate: httpd:2.4 security and bug fix update

2023-02-21 08:48:58

(RHSA-2023:3354) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update

2023-06-05 11:45:17

fedora

[SECURITY] Fedora 37 Update: httpd-2.4.55-1.fc37

2023-01-28 01:27:38

[SECURITY] Fedora 36 Update: httpd-2.4.55-1.fc36

2023-02-03 01:42:01

oraclelinux

httpd security and bug fix update

2023-02-28 00:00:00

httpd:2.4 security and bug fix update

2023-02-22 00:00:00

rocky

httpd security and bug fix update

2023-04-06 15:53:36

httpd:2.4 security and bug fix update

2023-02-22 01:08:53

almalinux

Moderate: httpd security and bug fix update

2023-02-28 00:00:00

Moderate: httpd:2.4 security and bug fix update

2023-02-21 00:00:00

freebsd

Apache httpd -- Multiple vulnerabilities

2023-01-17 00:00:00

kaspersky

KLA20167 Multiple vulnerabilities in Apache HTTP Server

2023-01-17 00:00:00

slackware

[slackware-security] httpd

2023-01-18 06:23:09

mageia

Updated apache packages fix security vulnerability

2023-02-07 03:06:39

debian

[SECURITY] [DLA 3351-1] apache2 security update

2023-03-03 16:35:17

[SECURITY] [DSA 5376-1] apache2 security update

2023-03-20 18:52:17

gentoo

Apache HTTPD: Multiple Vulnerabilities

2023-09-08 00:00:00

photon

Critical Photon OS Security Update - PHSA-2023-3.0-0522

2023-01-31 00:00:00

Critical Photon OS Security Update - PHSA-2023-4.0-0325

2023-02-01 00:00:00

rosalinux

Advisory ROSA-SA-2023-2159

2023-04-25 11:49:15

HP Device Manager Security Updates

2023-04-13 00:00:00

ics

Siemens SCALANCE XCM-/XRM-300

2024-02-15 12:00:00

oracle

Oracle Critical Patch Update Advisory - July 2023

2023-07-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

47.5%

JSON

Related for RH:CVE-2006-20001