CVE-2006-20001

HIGH

Apache HTTP Server < 2.4.55 - Out-of-bounds Write via If Header

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-20001. PoCs published by r1az4r.

AI-analyzed exploit summary: The repository contains only a README with basic CVE details and references but no functional exploit code or technical analysis. It references an external JSON file ('CVE-2006-20001.json') which is not included in the provided files.

Description

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier.

Exploits (1)

nomisec STUB
by r1az4r · poc
https://github.com/r1az4r/CVE-2006-20001

Classification: Stub 90%
Attack Type: DoS
Complexity: Theoretical
Reliability: Theoretical
Target: Apache HTTP Server 2.4.54 and earlier
No auth needed
Prerequisites: Ability to send crafted HTTP requests to the target server
devstral-2 · analyzed Feb 18, 2026

References (3)

Core References
Release Notes, Vendor Advisory vendor-advisory
https://httpd.apache.org/security/vulnerabilities_24.html

Scores

CVSS v3: 7.5
EPSS: 0.0355
EPSS Percentile: 87.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-787
Status: published
Products (1): apache/http_server < 2.4.55
Published: Jan 17, 2023
Tracked Since: Feb 18, 2026