Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950
Reference (s):
- https://security.netapp.com/advisory/ntap-20210702-0001/
- URL: https://security.netapp.com/advisory/ntap-20210702-0001/
- FEDORA:FEDORA-2021-dce7e7738e
- URL: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/
- FEDORA:FEDORA-2021-e3f6dd670d