ID

VAR-202301-1527


CVE

CVE-2006-20001


TITLE

Apache HTTP Server 2 memory read vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2006-004077

DESCRIPTION

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. The server is fast, reliable and scalable via a simple API.

==========================================================================
Ubuntu Security Notice USN-5839-1
February 01, 2023

apache2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Apache HTTP Server. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-36760)

Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server mod_proxy module incorrectly truncated certain response headers. This may result in later headers not being interpreted by the client. (CVE-2022-37436)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.10:
  apache2 2.4.54-2ubuntu1.1

Ubuntu 22.04 LTS:
  apache2 2.4.52-1ubuntu4.3

Ubuntu 20.04 LTS:
  apache2 2.4.41-4ubuntu3.13

Ubuntu 18.04 LTS:
  apache2 2.4.29-1ubuntu4.26

In general, a standard system update will make all the necessary changes.

(BZ#2165975) 4.

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: httpd:2.4 security and bug fix update
Advisory ID: RHSA-2023:0852-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:0852
Issue date: 2023-02-21
CVE Names: CVE-2006-20001 CVE-2022-36760 CVE-2022-37436
====================================================================

1. Summary:

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Security Fix(es):

* httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001)
* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760)
* httpd: mod_proxy: HTTP response splitting (CVE-2022-37436)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* httpd-init fails to create localhost.crt, localhost.key due to "sscg" default now creates a /dhparams.pem and is not idempotent if the file /dhparams.pem already exists. (BZ#2165967)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2161773 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
2161774 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte
2161777 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request smuggling
2165967 - httpd-init fails to create localhost.crt, localhost.key due to "sscg" default now creates a /dhparams.pem and is not idempotent if the file /dhparams.pem already exists. [rhel-8.7.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.src.rpm
mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.src.rpm
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm

aarch64:
httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm
httpd-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm
httpd-debugsource-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm
httpd-devel-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm
httpd-tools-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm
httpd-tools-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm
mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.aarch64.rpm
mod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.aarch64.rpm
mod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.aarch64.rpm
mod_ldap-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm
mod_ldap-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm
mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm
mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm
mod_proxy_html-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm
mod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm
mod_session-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm
mod_session-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm
mod_ssl-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm
mod_ssl-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm

noarch:
httpd-filesystem-2.4.37-51.module+el8.7.0+18026+7b169787.1.noarch.rpm
httpd-manual-2.4.37-51.module+el8.7.0+18026+7b169787.1.noarch.rpm

ppc64le:
httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm
httpd-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm
httpd-debugsource-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm
httpd-devel-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm
httpd-tools-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm
httpd-tools-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm
mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.ppc64le.rpm
mod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.ppc64le.rpm
mod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.ppc64le.rpm
mod_ldap-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm
mod_ldap-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm
mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm
mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm
mod_proxy_html-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm
mod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm
mod_session-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm
mod_session-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm
mod_ssl-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm
mod_ssl-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm

s390x:
httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm
httpd-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm
httpd-debugsource-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm
httpd-devel-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm
httpd-tools-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm
httpd-tools-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm
mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.s390x.rpm
mod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.s390x.rpm
mod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.s390x.rpm
mod_ldap-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm
mod_ldap-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm
mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm
mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm
mod_proxy_html-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm
mod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm
mod_session-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm
mod_session-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm
mod_ssl-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm
mod_ssl-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm

x86_64:
httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm
httpd-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm
httpd-debugsource-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm
httpd-devel-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm
httpd-tools-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm
httpd-tools-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm
mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.x86_64.rpm
mod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.x86_64.rpm
mod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.x86_64.rpm
mod_ldap-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm
mod_ldap-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm
mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm
mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm
mod_proxy_html-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm
mod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm
mod_session-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm
mod_session-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm
mod_ssl-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm
mod_ssl-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2006-20001
https://access.redhat.com/security/cve/CVE-2022-36760
https://access.redhat.com/security/cve/CVE-2022-37436
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202309-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: Apache HTTPD: Multiple Vulnerabilities
Date: September 08, 2023
Bugs: #891211, #900416
ID: 202309-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Apache HTTPD, the worst of which could result in denial of service. Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Apache HTTPD users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.56"

References
==========

[ 1 ] CVE-2006-20001
      https://nvd.nist.gov/vuln/detail/CVE-2006-20001
[ 2 ] CVE-2022-36760
      https://nvd.nist.gov/vuln/detail/CVE-2022-36760
[ 3 ] CVE-2022-37436
      https://nvd.nist.gov/vuln/detail/CVE-2022-37436
[ 4 ] CVE-2023-25690
      https://nvd.nist.gov/vuln/detail/CVE-2023-25690
[ 5 ] CVE-2023-27522
      https://nvd.nist.gov/vuln/detail/CVE-2023-27522

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202309-01

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

For the stable distribution (bullseye), these problems have been fixed in version 2.4.56-1~deb11u1.

We recommend that you upgrade your apache2 packages.

For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Bugs fixed (https://bugzilla.redhat.com/):

2152639 - CVE-2022-43551 curl: HSTS bypass via IDN
2152652 - CVE-2022-43552 curl: Use-after-free triggered by an HTTP proxy deny response
2161774 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte
2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName
2164487 - CVE-2022-4304 openssl: timing attack in RSA Decryption implementation
2164492 - CVE-2023-0215 openssl: use-after-free following BIO_new_NDEF
2164494 - CVE-2022-4450 openssl: double free after calling PEM_read_bio_ex
2167797 - CVE-2023-23914 curl: HSTS ignored on multiple requests
2167813 - CVE-2023-23915 curl: HSTS amnesia with --parallel
2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service
2169652 - CVE-2022-25147 apr-util: out-of-bounds writes in the apr_base64
2176209 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy

6. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied

Trust: 2.97

sources: NVD: CVE-2006-20001 // JVNDB: JVNDB-2006-004077 // CNVD: CNVD-2023-80558 // VULMON: CVE-2006-20001 // PACKETSTORM: 170816 // PACKETSTORM: 170830 // PACKETSTORM: 171178 // PACKETSTORM: 171079 // PACKETSTORM: 174566 // PACKETSTORM: 171415 // PACKETSTORM: 172734 // PACKETSTORM: 172731

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-80558

AFFECTED PRODUCTS

vendor: apache
model: http server
scope: lt
version: 2.4.55

Trust: 1.6

vendor: 日本電気
model: webotx application server
scope: -
version: -

Trust: 0.8

vendor: 日本電気
model: 得選街・gcb
scope: -
version: -

Trust: 0.8

vendor: 日本電気
model: neoface monitor
scope: -
version: -

Trust: 0.8

vendor: 日本電気
model: connexive pf
scope: -
version: -

Trust: 0.8

vendor: apache
model: http server
scope: -
version: -

Trust: 0.8

vendor: 日立
model: 日立高信頼サーバ rv3000
scope: -
version: -

Trust: 0.8

vendor: 日本電気
model: spoolserver/reportfiling
scope: -
version: -

Trust: 0.8

sources: CNVD: CNVD-2023-80558 // JVNDB: JVNDB-2006-004077 // NVD: CVE-2006-20001

CVSS

SEVERITY

nvd@nist.gov: CVE-2006-20001
value: HIGH

Trust: 1.0

NVD: CVE-2006-20001
value: HIGH

Trust: 0.8

CNVD: CNVD-2023-80558
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202301-1294
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2023-80558
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2006-20001
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2006-20001
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-80558 // JVNDB: JVNDB-2006-004077 // CNNVD: CNNVD-202301-1294 // NVD: CVE-2006-20001

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.0

problemtype: Out-of-bounds Write (CWE-787) [other]

Trust: 0.8

sources: JVNDB: JVNDB-2006-004077 // NVD: CVE-2006-20001

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 170816 // PACKETSTORM: 170830 // CNNVD: CNNVD-202301-1294

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202301-1294

PATCH

title: hitachi-sec-2023-217
url: https://httpd.apache.org/security/vulnerabilities_24.html

Trust: 0.8

title: Patch for Apache HTTP Server buffer overflow vulnerability (CNVD-2023-80558)
url: https://www.cnvd.org.cn/patchInfo/show/471781

Trust: 0.6

title: Apache HTTP Server Buffer error vulnerability fix
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=222513

Trust: 0.6

title: Red Hat:
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2006-20001

Trust: 0.1

title: -
url: https://github.com/Live-Hack-CVE/CVE-2006-20001

Trust: 0.1

sources: CNVD: CNVD-2023-80558 // VULMON: CVE-2006-20001 // JVNDB: JVNDB-2006-004077 // CNNVD: CNNVD-202301-1294

EXTERNAL IDS

db: NVD
id: CVE-2006-20001

Trust: 4.7

db: PACKETSTORM
id: 170830

Trust: 1.3

db: PACKETSTORM
id: 170816

Trust: 1.3

db: AUSCERT
id: ESB-2023.1118

Trust: 1.2

db: AUSCERT
id: ESB-2023.3189

Trust: 1.2

db: AUSCERT
id: ESB-2023.1517

Trust: 1.2

db: AUSCERT
id: ESB-2023.0791

Trust: 1.2

db: AUSCERT
id: ESB-2023.1380

Trust: 1.2

db: AUSCERT
id: ESB-2023.0586

Trust: 1.2

db: AUSCERT
id: ESB-2023.1252

Trust: 1.2

db: AUSCERT
id: ESB-2023.0612

Trust: 1.2

db: JVN
id: JVNVU99928083

Trust: 0.8

db: JVN
id: JVNVU91198149

Trust: 0.8

db: ICS CERT
id: ICSA-24-046-11

Trust: 0.8

db: JVNDB
id: JVNDB-2006-004077

Trust: 0.8

db: CNVD
id: CNVD-2023-80558

Trust: 0.6

db: CNNVD
id: CNNVD-202301-1294

Trust: 0.6

db: VULMON
id: CVE-2006-20001

Trust: 0.1

db: PACKETSTORM
id: 171178

Trust: 0.1

db: PACKETSTORM
id: 171079

Trust: 0.1

db: PACKETSTORM
id: 174566

Trust: 0.1

db: PACKETSTORM
id: 171415

Trust: 0.1

db: PACKETSTORM
id: 172734

Trust: 0.1

db: PACKETSTORM
id: 172731

Trust: 0.1

sources: CNVD: CNVD-2023-80558 // VULMON: CVE-2006-20001 // JVNDB: JVNDB-2006-004077 // PACKETSTORM: 170816 // PACKETSTORM: 170830 // PACKETSTORM: 171178 // PACKETSTORM: 171079 // PACKETSTORM: 174566 // PACKETSTORM: 171415 // PACKETSTORM: 172734 // PACKETSTORM: 172731 // CNNVD: CNNVD-202301-1294 // NVD: CVE-2006-20001

REFERENCES

url:https://security.gentoo.org/glsa/202309-01

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2006-20001

Trust: 1.6

url:https://www.auscert.org.au/bulletins/esb-2023.1380

Trust: 1.2

url:https://www.auscert.org.au/bulletins/esb-2023.1517

Trust: 1.2

url:https://cxsecurity.com/cveshow/cve-2006-20001/

Trust: 1.2

url:https://www.auscert.org.au/bulletins/esb-2023.0612

Trust: 1.2

url:https://www.auscert.org.au/bulletins/esb-2023.1118

Trust: 1.2

url:https://packetstormsecurity.com/files/170816/ubuntu-security-notice-usn-5834-1.html

Trust: 1.2

url:https://packetstormsecurity.com/files/170830/ubuntu-security-notice-usn-5839-1.html

Trust: 1.2

url:https://www.auscert.org.au/bulletins/esb-2023.0586

Trust: 1.2

url:https://www.auscert.org.au/bulletins/esb-2023.1252

Trust: 1.2

url:https://www.auscert.org.au/bulletins/esb-2023.3189

Trust: 1.2

url:https://www.auscert.org.au/bulletins/esb-2023.0791

Trust: 1.2

url:https://httpd.apache.org/security/vulnerabilities_24.html

Trust: 1.1

url:https://jvn.jp/vu/jvnvu99928083/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu91198149/index.html

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-11

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-36760

Trust: 0.6

url:httpd.apache.org/security/vulnerabilities_24.html

Trust: 0.6

url:https://

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2006-20001

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-37436

Trust: 0.5

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://bugzilla.redhat.com/

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2023-25690

Trust: 0.4

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-36760

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-37436

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2023-27522

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25147

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2023-23915

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2023-25690

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2023-0215

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2023-0286

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-43552

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-4304

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-43552

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2023-0286

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2023-23914

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-4450

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-4450

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2023-23914

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2023-0215

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2023-23916

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-4304

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-25147

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2023-23916

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2023-23915

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-43551

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-43551

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2006-20001

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5834-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.4.54-2ubuntu1.1

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5839-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.4.52-1ubuntu4.3

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.13

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.26

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:0970

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:0852

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://security-tracker.debian.org/tracker/apache2

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:3354

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-43680

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-43680

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:3355

Trust: 0.1

sources: CNVD: CNVD-2023-80558 // VULMON: CVE-2006-20001 // JVNDB: JVNDB-2006-004077 // PACKETSTORM: 170816 // PACKETSTORM: 170830 // PACKETSTORM: 171178 // PACKETSTORM: 171079 // PACKETSTORM: 174566 // PACKETSTORM: 171415 // PACKETSTORM: 172734 // PACKETSTORM: 172731 // CNNVD: CNNVD-202301-1294 // NVD: CVE-2006-20001

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 171178 // PACKETSTORM: 171079 // PACKETSTORM: 172734 // PACKETSTORM: 172731

SOURCES

db: CNVD
id: CNVD-2023-80558

db: VULMON
id: CVE-2006-20001

db: JVNDB
id: JVNDB-2006-004077

db: PACKETSTORM
id: 170816

db: PACKETSTORM
id: 170830

db: PACKETSTORM
id: 171178

db: PACKETSTORM
id: 171079

db: PACKETSTORM
id: 174566

db: PACKETSTORM
id: 171415

db: PACKETSTORM
id: 172734

db: PACKETSTORM
id: 172731

db: CNNVD
id: CNNVD-202301-1294

db: NVD
id: CVE-2006-20001

LAST UPDATE DATE

2024-12-21T21:26:08.163000+00:00


SOURCES UPDATE DATE

db: CNVD
id: CNVD-2023-80558
date: 2023-10-25T00:00:00

db: VULMON
id: CVE-2006-20001
date: 2023-01-17T00:00:00

db: JVNDB
id: JVNDB-2006-004077
date: 2024-02-22T03:40:00

db: CNNVD
id: CNNVD-202301-1294
date: 2023-06-06T00:00:00

db: NVD
id: CVE-2006-20001
date: 2023-09-08T22:15:08.013

SOURCES RELEASE DATE

db: CNVD
id: CNVD-2023-80558
date: 2023-10-25T00:00:00

db: VULMON
id: CVE-2006-20001
date: 2023-01-17T00:00:00

db: JVNDB
id: JVNDB-2006-004077
date: 2023-01-30T00:00:00

db: PACKETSTORM
id: 170816
date: 2023-01-31T17:16:26

db: PACKETSTORM
id: 170830
date: 2023-02-01T17:50:42

db: PACKETSTORM
id: 171178
date: 2023-02-28T17:13:39

db: PACKETSTORM
id: 171079
date: 2023-02-21T16:50:34

db: PACKETSTORM
id: 174566
date: 2023-09-08T20:44:43

db: PACKETSTORM
id: 171415
date: 2023-03-21T17:41:11

db: PACKETSTORM
id: 172734
date: 2023-06-06T16:30:34

db: PACKETSTORM
id: 172731
date: 2023-06-06T16:29:30

db: CNNVD
id: CNNVD-202301-1294
date: 2023-01-17T00:00:00

db: NVD
id: CVE-2006-20001
date: 2023-01-17T20:15:11.177