Bug 2161774 (CVE-2006-20001)
Summary: | CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Zack Miele <zmiele> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | asoldano, bbaranow, bdettelb, bmaxwell, brian.stansberry, caswilli, cdewolf, chazlett, csutherl, darran.lofthouse, dkreling, dosoudil, fjuma, gsuckevi, hhorak, icesalov, ivassile, iweiss, jburrell, jclere, jkoehler, jorton, jwon, kaycoth, lgao, luhliari, micjohns, mosmerov, msochure, msvehla, mturk, nwallace, peholase, pjindal, plodge, pmackay, rstancel, smaestri, sthirugn, szappis, tom.jenkinson, yozone |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | httpd 2.4.55 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2023-02-28 12:19:16 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2162098, 2162499, 2162500, 2162501, 2165970, 2165976 | ||
Bug Blocks: | 2161771 |
Description
Zack Miele
2023-01-17 20:55:03 UTC
Created httpd tracking bugs for this issue: Affects: fedora-all [bug 2162098] This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:0852 https://access.redhat.com/errata/RHSA-2023:0852 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:0970 https://access.redhat.com/errata/RHSA-2023:0970 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2006-20001 This issue has been addressed in the following products: JBCS httpd 2.4.51.sp2 Via RHSA-2023:3355 https://access.redhat.com/errata/RHSA-2023:3355 This issue has been addressed in the following products: JBoss Core Services on RHEL 7 JBoss Core Services for RHEL 8 Via RHSA-2023:3354 https://access.redhat.com/errata/RHSA-2023:3354 |