CVE-2020-13950

Summary

Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache HTTP Server2.4.46affected
Apache Software FoundationApache HTTP Server2.4.43affected
Apache Software FoundationApache HTTP Server2.4.41affected

Weaknesses

  • mod_proxy_http NULL pointer dereference

ADP Enrichment

CVE Program Container

Additional References

References