Apache – CVE-2020-13950

Description

Kayran has detected that the version of Apache HTTP Server being used is vulnerable to a ‘mod_proxy_http’ NULL pointer dereference.

CVE-2020-13950 is categorized as a ‘NULL Pointer Dereference’ vulnerability (CWE-476).
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid but that is actually NULL.
This will probably cause a crash or an exit.

NULL pointer dereference issues can occur through a number of flaws, including race conditions and simple programming omissions.

Attackers could cause ‘mod_proxy_http’ to crash (via NULL pointer dereference).
They do so by crafting requests that use both Content-Length and Transfer-Encoding headers, which could lead to a Denial of Service (DoS).

The result could be a decrease in performance and interruptions in the availability of resources.
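
An added example, not part of the original advisory and not Apache code: a Python check that flags captured HTTP request heads carrying both Content-Length and Transfer-Encoding, the header combination described above. The sample requests and the host name app.example are constructed for illustration.

```python
"""Flag HTTP requests that carry both Content-Length and Transfer-Encoding."""


def parse_head(raw: bytes):
    """Return (request_line, {lowercased header name: [values]}) for one request."""
    lines = raw.splitlines()  # bytes.splitlines handles both CRLF and bare LF
    request_line = lines[0].decode("latin-1") if lines else ""
    headers = {}
    for line in lines[1:]:
        if not line:  # blank line ends the header section; the body follows
            break
        name, sep, value = line.decode("latin-1").partition(":")
        if sep:  # skip lines that are not "name: value"
            # Header names are case-insensitive; stray spaces are stripped
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return request_line, headers


def has_both_framing_headers(raw: bytes) -> bool:
    """True when the request declares its body length in both ways at once."""
    _, headers = parse_head(raw)
    return "content-length" in headers and "transfer-encoding" in headers


def flag_requests(requests):
    """Return the request lines of all requests that carry both headers."""
    return [parse_head(r)[0] for r in requests if has_both_framing_headers(r)]


# Constructed sample requests (not taken from real traffic)
SAMPLES = [
    b"GET /index.html HTTP/1.1\r\nHost: app.example\r\n\r\n",
    b"POST /api/upload HTTP/1.1\r\nHost: app.example\r\n"
    b"Content-Length: 5\r\n\r\nhello",
    b"POST /api/submit HTTP/1.1\r\nHost: app.example\r\n"
    b"content-length: 5\r\nTRANSFER-ENCODING: chunked\r\n\r\n"
    b"5\r\nhello\r\n0\r\n\r\n",
    b"POST /api/stream HTTP/1.1\nHost: app.example\n"
    b"Transfer-Encoding: chunked\n\n0\n\n",
]

if __name__ == "__main__":
    for request_line in flag_requests(SAMPLES):
        print("Content-Length and Transfer-Encoding both present:", request_line)
```

A request that only mentions one of the header names inside its body is not flagged, because parsing stops at the blank line that ends the header section.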

Recommendation

To fix CVE-2020-13950, upgrade the version of Apache HTTP Server being used to 2.4.48.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950

https://cwe.mitre.org/data/definitions/476.html
