HomePentest-Tools.com Logo

Apache HTTP Server 2.4.0 - 2.4.46 Multiple Vulnerabilities - Windows CVE-2020-13938CVE-2020-35452CVE-2021-26690CVE-2021-26691

Severity
CVSSv3 Score
9.8
Vulnerability description

Apache HTTP Server is prone to multiple vulnerabilities.

Risk description

The following vulnerabilities exist: - CVE-2020-13938: Improper Handling of Insufficient Privileges - CVE-2020-35452: mod_auth_digest possible stack overflow by one null byte - CVE-2021-26690: mod_session NULL pointer dereference - CVE-2021-26691: mod_session response handling heap overflow - CVE-2020-13938: This flaw lets unprivileged local users stop httpd on Windows. - CVE-2020-35452: A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. - CVE-2021-26690: A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service. - CVE-2021-26691: A specially crafted SessionHeader sent by an origin server could cause a heap overflow.

Recommendation

Update to version 2.4.48 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jun 10, 2021
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available