CVE-2020-13938

Description

Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows

Related CPE's

aapachehttp_server********

vulnerable

omicrosoftwindows-*******

References

N/A

Release NotesVendor Advisory

N/A

Mailing ListRelease NotesVendor Advisory

[httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json

Mailing ListVendor Advisory

[httpd-announce] 20210609 CVE-2020-13938: Improper Handling of Insufficient Privileges

Mailing ListVendor Advisory

[oss-security] 20210609 CVE-2020-13938: Apache httpd: Improper Handling of Insufficient Privileges

Mailing ListThird Party Advisory

CvssV3 impact

BaseSeverity

MEDIUM

ConfidentialityImpact

NONE

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

LOCAL

AvailabilityImpact

HIGH

IntegrityImpact

NONE

PrivilegesRequired

LOW

BaseScore

5.5

VectorString

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Version

3.1

UserInteraction

NONE

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

NONE

AvailabilityImpact

PARTIAL

IntegrityImpact

NONE

BaseScore

2.1

VectorString

AV:L/AC:L/Au:N/C:N/I:N/A:P

Version

2.0

AccessVector

LOCAL

Authentication

NONE

Created by Yello
About Severity.io