Details of VAR-202106-1948

ID

VAR-202106-1948

CVE

CVE-2020-26691

TITLE

Apache HTTP Server Denial of Service Vulnerability (CNVD-2021-70103)

Trust: 0.6

sources: CNVD: CNVD-2021-70103

DESCRIPTION

Apache HTTP Server is an open source web server of the Apache Foundation. The server is fast, reliable and can be expanded through simple APIs. Apache HTTP Server has a denial of service vulnerability, which is caused by a crash caused by a NULL pointer dereference. Attackers can use this vulnerability to cause malicious back-end servers and SessionHeader denial of service.

Trust: 0.6

sources: CNVD: CNVD-2021-70103

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-70103

AFFECTED PRODUCTS

vendor:

apache

model:

http server

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2021-70103

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2021-70103
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2021-70103
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2021-70103

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202106-156

PATCH

title:	Patch for Apache HTTP Server Denial of Service Vulnerability (CNVD-2021-70103)	url:	https://www.cnvd.org.cn/patchinfo/show/290411	Trust: 0.6
title:	Apache HTTP Server Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=152639	Trust: 0.6

sources: CNVD: CNVD-2021-70103 // CNNVD: CNNVD-202106-156

EXTERNAL IDS

db:	NVD	id:	CVE-2020-26691	Trust: 1.2
db:	CNVD	id:	CNVD-2021-70103	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-156	Trust: 0.6

sources: CNVD: CNVD-2021-70103 // CNNVD: CNNVD-202106-156

REFERENCES

url:

https://vigilance.fr/vulnerability/apache-http-server-multiple-vulnerabilities-35605

Trust: 1.2

sources: CNVD: CNVD-2021-70103 // CNNVD: CNNVD-202106-156

SOURCES

db:	CNVD	id:	CNVD-2021-70103
db:	CNNVD	id:	CNNVD-202106-156

LAST UPDATE DATE

2022-05-04T10:10:35.155000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-70103	date:	2021-09-11T00:00:00
db:	CNNVD	id:	CNNVD-202106-156	date:	2021-06-03T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-70103	date:	2021-09-11T00:00:00
db:	CNNVD	id:	CNNVD-202106-156	date:	2021-06-02T00:00:00