CVE-2020-13950: mod_proxy_http NULL pointer dereference
First published: Tue Jun 01 2021(Updated: )
A flaw was found In Apache httpd. The mod_proxy has a NULL pointer dereference. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/jbcs-httpd24-apr | <0:1.6.3-107.el8 | 0:1.6.3-107.el8 |
| redhat/jbcs-httpd24-apr-util | <0:1.6.1-84.el8 | 0:1.6.1-84.el8 |
| redhat/jbcs-httpd24-curl | <0:7.78.0-2.el8 | 0:7.78.0-2.el8 |
| redhat/jbcs-httpd24-httpd | <0:2.4.37-78.el8 | 0:2.4.37-78.el8 |
| redhat/jbcs-httpd24-nghttp2 | <0:1.39.2-39.el8 | 0:1.39.2-39.el8 |
| redhat/jbcs-httpd24-openssl | <1:1.1.1g-8.el8 | 1:1.1.1g-8.el8 |
| redhat/jbcs-httpd24-openssl-chil | <0:1.0.0-7.el8 | 0:1.0.0-7.el8 |
| redhat/jbcs-httpd24-openssl-pkcs11 | <0:0.4.10-22.el8 | 0:0.4.10-22.el8 |
| redhat/jbcs-httpd24-apr | <0:1.6.3-107.jbcs.el7 | 0:1.6.3-107.jbcs.el7 |
| redhat/jbcs-httpd24-apr-util | <0:1.6.1-84.jbcs.el7 | 0:1.6.1-84.jbcs.el7 |
| redhat/jbcs-httpd24-curl | <0:7.78.0-2.jbcs.el7 | 0:7.78.0-2.jbcs.el7 |
| redhat/jbcs-httpd24-httpd | <0:2.4.37-78.jbcs.el7 | 0:2.4.37-78.jbcs.el7 |
| redhat/jbcs-httpd24-nghttp2 | <0:1.39.2-39.jbcs.el7 | 0:1.39.2-39.jbcs.el7 |
| redhat/jbcs-httpd24-openssl | <1:1.1.1g-8.jbcs.el7 | 1:1.1.1g-8.jbcs.el7 |
| redhat/jbcs-httpd24-openssl-chil | <0:1.0.0-7.jbcs.el7 | 0:1.0.0-7.jbcs.el7 |
| redhat/jbcs-httpd24-openssl-pkcs11 | <0:0.4.10-22.jbcs.el7 | 0:0.4.10-22.jbcs.el7 |
| redhat/httpd | <2.4.47 | 2.4.47 |
| Apache Http Server | >=2.4.41<=2.4.46 | |
| Debian Linux | =9.0 | |
| Debian Linux | =10.0 | |
| Red Hat Fedora | =34 | |
| Red Hat Fedora | =35 | |
| Oracle Enterprise Manager Ops Center | =12.4.0.0 | |
| Oracle Instantis EnterpriseTrack | =17.1 | |
| Oracle Instantis EnterpriseTrack | =17.2 | |
| Oracle Instantis EnterpriseTrack | =17.3 | |
| Oracle Storage Cloud Software Appliance | =8.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-13950 https://nvd.nist.gov/vuln/detail/CVE-2020-13950 https://httpd.apache.org/security/vulnerabilities_24.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1966738
- https://access.redhat.com/errata/RHSA-2021:4614
- https://access.redhat.com/errata/RHSA-2022:5163
- https://access.redhat.com/errata/RHSA-2021:4613
- https://access.redhat.com/security/cve/cve-2020-13950
- http://httpd.apache.org/security/vulnerabilities_24.html
- http://www.openwall.com/lists/oss-security/2021/06/10/4
- https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rbe197409ae4a58b629fb792d1aed541ccbbf865121a80e1c5938d223@%3Cannounce.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/
- https://security.gentoo.org/glsa/202107-38
- https://security.netapp.com/advisory/ntap-20210702-0001/
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://svn.apache.org/r1678771
- https://access.redhat.com/support/policy/updates/jboss_notes
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1969234
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1966738#c0
- https://github.com/apache/httpd/blob/c37a3162d1c0aeb6f3b80e831243daf61596ac87/modules/proxy/mod_proxy_http.c#L456
- https://lists.apache.org/thread.html/rbe197409ae4a58b629fb792d1aed541ccbbf865121a80e1c5938d223%40%3Cannounce.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the vulnerability ID of this flaw in Apache httpd?
The vulnerability ID is CVE-2020-13950.
What is the severity of CVE-2020-13950?
The severity of CVE-2020-13950 is high, with a severity value of 7.5.
Which version of Apache httpd is affected by CVE-2020-13950?
Apache httpd versions 2.4.41 to 2.4.46 are affected by CVE-2020-13950.
How can CVE-2020-13950 be exploited?
CVE-2020-13950 can be exploited by sending specially crafted requests using both Content-Length and Transfer-Encoding headers.
How can I fix the CVE-2020-13950 vulnerability?
To fix the CVE-2020-13950 vulnerability, update your Apache httpd version to 2.4.47 or later.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/author
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-13950
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/references
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/apache
- canonical/apache http server
- version/apache http server/2.4.41
- version/apache http server/2.4.46
- vendor/debian
- canonical/debian linux
- version/debian linux/9.0
- version/debian linux/10.0
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/34
- version/red hat fedora/35
- vendor/oracle
- canonical/oracle enterprise manager ops center
- version/oracle enterprise manager ops center/12.4.0.0
- canonical/oracle instantis enterprisetrack
- version/oracle instantis enterprisetrack/17.1
- version/oracle instantis enterprisetrack/17.2
- version/oracle instantis enterprisetrack/17.3
- canonical/oracle storage cloud software appliance
- version/oracle storage cloud software appliance/8.8