CVE-2020-13938 - Vulnerability Details

Vendors	Products
Apache	Http Server
Mcafee	Epolicy Orchestrator
Microsoft	Windows
Netapp	Cloud Backup

Link	Providers
http://httpd.apache.org/security/vulnerabilities_24.html
http://www.openwall.com/lists/oss-security/2021/06/10/3
https://kc.mcafee.com/corporate/index?page=content&id=SB10379
https://lists.apache.org/thread.html/r5fdc4fbbc7ddb816c843329a9accdcf284ade86e8d77b8c2a6d9bc30%40%3Cannounce.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-13938
https://security.netapp.com/advisory/ntap-20210702-0001/
https://www.cve.org/CVERecord?id=CVE-2020-13938

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Apache HTTP Server", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "2.4.46"}, {"status": "affected", "version": "2.4.43"}, {"status": "affected", "version": "2.4.41"}, {"status": "affected", "version": "2.4.39"}, {"status": "affected", "version": "2.4.38"}, {"status": "affected", "version": "2.4.37"}, {"status": "affected", "version": "2.4.35"}, {"status": "affected", "version": "2.4.34"}, {"status": "affected", "version": "2.4.33"}, {"status": "affected", "version": "2.4.29"}, {"status": "affected", "version": "2.4.28"}, {"status": "affected", "version": "2.4.27"}, {"status": "affected", "version": "2.4.26"}, {"status": "affected", "version": "2.4.25"}, {"status": "affected", "version": "2.4.23"}, {"status": "affected", "version": "2.4.20"}, {"status": "affected", "version": "2.4.18"}, {"status": "affected", "version": "2.4.17"}, {"status": "affected", "version": "2.4.16"}, {"status": "affected", "version": "2.4.12"}, {"status": "affected", "version": "2.4.10"}, {"status": "affected", "version": "2.4.9"}, {"status": "affected", "version": "2.4.7"}, {"status": "affected", "version": "2.4.6"}, {"status": "affected", "version": "2.4.4"}, {"status": "affected", "version": "2.4.3"}, {"status": "affected", "version": "2.4.2"}, {"status": "affected", "version": "2.4.1"}, {"status": "affected", "version": "2.4.0"}]}], "credits": [{"lang": "en", "value": "Discovered by Ivan Zhakov"}], "descriptions": [{"lang": "en", "value": "Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows"}], "metrics": [{"other": {"content": {"other": "moderate"}, "type": "unknown"}}], "problemTypes": [{"descriptions": [{"description": "Improper Handling of Insufficient Privileges", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-03-23T07:06:05", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://httpd.apache.org/security/vulnerabilities_24.html"}, {"tags": ["x_refsource_MISC"], "url": "https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-announce] 20210609 CVE-2020-13938: Improper Handling of Insufficient Privileges", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r5fdc4fbbc7ddb816c843329a9accdcf284ade86e8d77b8c2a6d9bc30%40%3Cannounce.httpd.apache.org%3E"}, {"name": "[httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E"}, {"name": "[oss-security] 20210609 CVE-2020-13938: Apache httpd: Improper Handling of Insufficient Privileges", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/06/10/3"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20210702-0001/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10379"}], "source": {"discovery": "UNKNOWN"}, "title": "Improper Handling of Insufficient Privileges", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2020-13938", "STATE": "PUBLIC", "TITLE": "Improper Handling of Insufficient Privileges"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache HTTP Server", "version": {"version_data": [{"version_affected": "=", "version_name": "2.4", "version_value": "2.4.46"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.43"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.41"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.39"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.38"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.37"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.35"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.34"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.33"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.29"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.28"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.27"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.26"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.25"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.23"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.20"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.18"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.17"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.16"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.12"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.10"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.9"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.7"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.6"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.4"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.3"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.2"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.1"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.0"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "credit": [{"lang": "eng", "value": "Discovered by Ivan Zhakov"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows"}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": [{"other": "moderate"}], "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Handling of Insufficient Privileges"}]}]}, "references": {"reference_data": [{"name": "http://httpd.apache.org/security/vulnerabilities_24.html", "refsource": "MISC", "url": "http://httpd.apache.org/security/vulnerabilities_24.html"}, {"name": "https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-announce] 20210609 CVE-2020-13938: Improper Handling of Insufficient Privileges", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5fdc4fbbc7ddb816c843329a9accdcf284ade86e8d77b8c2a6d9bc30@%3Cannounce.httpd.apache.org%3E"}, {"name": "[httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E"}, {"name": "[oss-security] 20210609 CVE-2020-13938: Apache httpd: Improper Handling of Insufficient Privileges", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/06/10/3"}, {"name": "https://security.netapp.com/advisory/ntap-20210702-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210702-0001/"}, {"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10379", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10379"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:32:14.566Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://httpd.apache.org/security/vulnerabilities_24.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-announce] 20210609 CVE-2020-13938: Improper Handling of Insufficient Privileges", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r5fdc4fbbc7ddb816c843329a9accdcf284ade86e8d77b8c2a6d9bc30%40%3Cannounce.httpd.apache.org%3E"}, {"name": "[httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E"}, {"name": "[oss-security] 20210609 CVE-2020-13938: Apache httpd: Improper Handling of Insufficient Privileges", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/06/10/3"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20210702-0001/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10379"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2020-13938", "datePublished": "2021-06-10T07:10:20", "dateReserved": "2020-06-08T00:00:00", "dateUpdated": "2024-08-04T12:32:14.566Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Apache HTTP Server (string)

vendor : Apache Software Foundation (string)

versions : [ »

0 : { »

status : affected (string)

version : 2.4.46 (string)

}

1 : { »

status : affected (string)

version : 2.4.43 (string)

}

2 : { »

status : affected (string)

version : 2.4.41 (string)

}

3 : { »

status : affected (string)

version : 2.4.39 (string)

}

4 : { »

status : affected (string)

version : 2.4.38 (string)

}

5 : { »

status : affected (string)

version : 2.4.37 (string)

}

6 : { »

status : affected (string)

version : 2.4.35 (string)

}

7 : { »

status : affected (string)

version : 2.4.34 (string)

}

8 : { »

status : affected (string)

version : 2.4.33 (string)

}

9 : { »

status : affected (string)

version : 2.4.29 (string)

}

10 : { »

status : affected (string)

version : 2.4.28 (string)

}

11 : { »

status : affected (string)

version : 2.4.27 (string)

}

12 : { »

status : affected (string)

version : 2.4.26 (string)

}

13 : { »

status : affected (string)

version : 2.4.25 (string)

}

14 : { »

status : affected (string)

version : 2.4.23 (string)

}

15 : { »

status : affected (string)

version : 2.4.20 (string)

}

16 : { »

status : affected (string)

version : 2.4.18 (string)

}

17 : { »

status : affected (string)

version : 2.4.17 (string)

}

18 : { »

status : affected (string)

version : 2.4.16 (string)

}

19 : { »

status : affected (string)

version : 2.4.12 (string)

}

20 : { »

status : affected (string)

version : 2.4.10 (string)

}

21 : { »

status : affected (string)

version : 2.4.9 (string)

}

22 : { »

status : affected (string)

version : 2.4.7 (string)

}

23 : { »

status : affected (string)

version : 2.4.6 (string)

}

24 : { »

status : affected (string)

version : 2.4.4 (string)

}

25 : { »

status : affected (string)

version : 2.4.3 (string)

}

26 : { »

status : affected (string)

version : 2.4.2 (string)

}

27 : { »

status : affected (string)

version : 2.4.1 (string)

}

28 : { »

status : affected (string)

version : 2.4.0 (string)

}

]

}

]

credits : [ »

0 : { »

lang : en (string)

value : Discovered by Ivan Zhakov (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows (string)

}

]

metrics : [ »

0 : { »

other : { »

content : { »

other : moderate (string)

}

type : unknown (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Improper Handling of Insufficient Privileges (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2022-03-23T07:06:05 (string)

orgId : f0158376-9dc2-43b6-827c-5f631a4d8d09 (string)

shortName : apache (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://httpd.apache.org/security/vulnerabilities_24.html (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E (string)

}

2 : { »

name : [httpd-announce] 20210609 CVE-2020-13938: Improper Handling of Insufficient Privileges (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.apache.org/thread.html/r5fdc4fbbc7ddb816c843329a9accdcf284ade86e8d77b8c2a6d9bc30%40%3Cannounce.httpd.apache.org%3E (string)

}

3 : { »

name : [httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E (string)

}

4 : { »

name : [oss-security] 20210609 CVE-2020-13938: Apache httpd: Improper Handling of Insufficient Privileges (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : http://www.openwall.com/lists/oss-security/2021/06/10/3 (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://security.netapp.com/advisory/ntap-20210702-0001/ (string)

}

6 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://kc.mcafee.com/corporate/index?page=content&id=SB10379 (string)

}

]

source : { »

discovery : UNKNOWN (string)

}

title : Improper Handling of Insufficient Privileges (string)

x_generator : { »

engine : Vulnogram 0.0.9 (string)

}

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@apache.org (string)

ID : CVE-2020-13938 (string)

STATE : PUBLIC (string)

TITLE : Improper Handling of Insufficient Privileges (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Apache HTTP Server (string)

version : { »

version_data : [ »

0 : { »

version_affected : = (string)

version_name : 2.4 (string)

version_value : 2.4.46 (string)

}

1 : { »

version_affected : = (string)

version_name : 2.4 (string)

version_value : 2.4.43 (string)

}

2 : { »

version_affected : = (string)

version_name : 2.4 (string)

version_value : 2.4.41 (string)

}

3 : { »

version_affected : = (string)

version_name : 2.4 (string)

version_value : 2.4.39 (string)

}

4 : { »

version_affected : = (string)

version_name : 2.4 (string)

version_value : 2.4.38 (string)

}

5 : { »

version_affected : = (string)

version_name : 2.4 (string)

version_value : 2.4.37 (string)

}

6 : { »

version_affected : = (string)

version_name : 2.4 (string)

version_value : 2.4.35 (string)

}

7 : { »

version_affected : = (string)

version_name : 2.4 (string)

version_value : 2.4.34 (string)

}

8 : { »

version_affected : = (string)

version_name : 2.4 (string)

version_value : 2.4.33 (string)

}

9 : { »

version_affected : = (string)

version_name : 2.4 (string)

version_value : 2.4.29 (string)

}

10 : { »

version_affected : = (string)

version_name : 2.4 (string)

version_value : 2.4.28 (string)

}

11 : { »

version_affected : = (string)

version_name : 2.4 (string)

version_value : 2.4.27 (string)

}

12 : { »

version_affected : = (string)

version_name : 2.4 (string)

version_value : 2.4.26 (string)

}

13 : { »

version_affected : = (string)

version_name : 2.4 (string)

version_value : 2.4.25 (string)

}

14 : { »

version_affected : = (string)

version_name : 2.4 (string)

version_value : 2.4.23 (string)

}

15 : { »

version_affected : = (string)

version_name : 2.4 (string)

version_value : 2.4.20 (string)

}

16 : { »

version_affected : = (string)

version_name : 2.4 (string)

version_value : 2.4.18 (string)

}

17 : { »

version_affected : = (string)

version_name : 2.4 (string)

version_value : 2.4.17 (string)

}

18 : { »

version_affected : = (string)

version_name : 2.4 (string)

version_value : 2.4.16 (string)

}

19 : { »

version_affected : = (string)

version_name : 2.4 (string)

version_value : 2.4.12 (string)

}

20 : { »

version_affected : = (string)

version_name : 2.4 (string)

version_value : 2.4.10 (string)

}

21 : { »

version_affected : = (string)

version_name : 2.4 (string)

version_value : 2.4.9 (string)

}

22 : { »

version_affected : = (string)

version_name : 2.4 (string)

version_value : 2.4.7 (string)

}

23 : { »

version_affected : = (string)

version_name : 2.4 (string)

version_value : 2.4.6 (string)

}

24 : { »

version_affected : = (string)

version_name : 2.4 (string)

version_value : 2.4.4 (string)

}

25 : { »

version_affected : = (string)

version_name : 2.4 (string)

version_value : 2.4.3 (string)

}

26 : { »

version_affected : = (string)

version_name : 2.4 (string)

version_value : 2.4.2 (string)

}

27 : { »

version_affected : = (string)

version_name : 2.4 (string)

version_value : 2.4.1 (string)

}

28 : { »

version_affected : = (string)

version_name : 2.4 (string)

version_value : 2.4.0 (string)

}

]

}

]

}

vendor_name : Apache Software Foundation (string)

}

]

}

credit : [ »

0 : { »

lang : eng (string)

value : Discovered by Ivan Zhakov (string)

}

]

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows (string)

}

]

}

generator : { »

engine : Vulnogram 0.0.9 (string)

}

impact : [ »

0 : { »

other : moderate (string)

}

]

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Improper Handling of Insufficient Privileges (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : http://httpd.apache.org/security/vulnerabilities_24.html (string)

refsource : MISC (string)

url : http://httpd.apache.org/security/vulnerabilities_24.html (string)

}

1 : { »

name : https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E (string)

refsource : MISC (string)

url : https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E (string)

}

2 : { »

name : [httpd-announce] 20210609 CVE-2020-13938: Improper Handling of Insufficient Privileges (string)

refsource : MLIST (string)

url : https://lists.apache.org/thread.html/r5fdc4fbbc7ddb816c843329a9accdcf284ade86e8d77b8c2a6d9bc30@%3Cannounce.httpd.apache.org%3E (string)

}

3 : { »

name : [httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json (string)

refsource : MLIST (string)

url : https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E (string)

}

4 : { »

name : [oss-security] 20210609 CVE-2020-13938: Apache httpd: Improper Handling of Insufficient Privileges (string)

refsource : MLIST (string)

url : http://www.openwall.com/lists/oss-security/2021/06/10/3 (string)

}

5 : { »

name : https://security.netapp.com/advisory/ntap-20210702-0001/ (string)

refsource : CONFIRM (string)

url : https://security.netapp.com/advisory/ntap-20210702-0001/ (string)

}

6 : { »

name : https://kc.mcafee.com/corporate/index?page=content&id=SB10379 (string)

refsource : CONFIRM (string)

url : https://kc.mcafee.com/corporate/index?page=content&id=SB10379 (string)

}

]

}

source : { »

discovery : UNKNOWN (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T12:32:14.566Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://httpd.apache.org/security/vulnerabilities_24.html (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E (string)

}

2 : { »

name : [httpd-announce] 20210609 CVE-2020-13938: Improper Handling of Insufficient Privileges (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/r5fdc4fbbc7ddb816c843329a9accdcf284ade86e8d77b8c2a6d9bc30%40%3Cannounce.httpd.apache.org%3E (string)

}

3 : { »

name : [httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E (string)

}

4 : { »

name : [oss-security] 20210609 CVE-2020-13938: Apache httpd: Improper Handling of Insufficient Privileges (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : http://www.openwall.com/lists/oss-security/2021/06/10/3 (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://security.netapp.com/advisory/ntap-20210702-0001/ (string)

}

6 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://kc.mcafee.com/corporate/index?page=content&id=SB10379 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : f0158376-9dc2-43b6-827c-5f631a4d8d09 (string)

assignerShortName : apache (string)

cveId : CVE-2020-13938 (string)

datePublished : 2021-06-10T07:10:20 (string)

dateReserved : 2020-06-08T00:00:00 (string)

dateUpdated : 2024-08-04T12:32:14.566Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "8375A8C8-38EB-4F32-97FD-0841D57C1971", "versionEndIncluding": "2.4.46", "versionStartIncluding": "2.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "A30F7908-5AF6-4761-BC6A-4C18EFAE48E5", "versionEndExcluding": "5.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*", "matchCriteriaId": "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*", "matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_10:*:*:*:*:*:*", "matchCriteriaId": "DB88C165-BB24-49FB-AAF6-087A766D5AD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_11:*:*:*:*:*:*", "matchCriteriaId": "C879487A-3378-4C5D-9DA6-308D06B786A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_12:*:*:*:*:*:*", "matchCriteriaId": "523E143F-E8B3-4B24-AD64-65BF5A8677A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*", "matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*", "matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*", "matchCriteriaId": "46385384-5561-40AA-9FDE-A2DE4FDFAD3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*", "matchCriteriaId": "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*", "matchCriteriaId": "9E4E5481-1070-4E1F-8679-1985DE4E785A", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*", "matchCriteriaId": "D9EEA681-67FF-43B3-8610-0FA17FD279E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*", "matchCriteriaId": "C33BA8EA-793D-4E79-BE9C-235ACE717216", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_9:*:*:*:*:*:*", "matchCriteriaId": "823DBE80-CB8D-4981-AE7C-28F3FDD40451", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows"}, {"lang": "es", "value": "Apache HTTP Server versiones 2.4.0 a 2.4.46 Los usuarios locales sin privilegios pueden detener httpd en Windows"}], "id": "CVE-2020-13938", "lastModified": "2024-11-21T05:02:11.440", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-10T07:15:07.403", "references": [{"source": "security@apache.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://httpd.apache.org/security/vulnerabilities_24.html"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/06/10/3"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10379"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r5fdc4fbbc7ddb816c843329a9accdcf284ade86e8d77b8c2a6d9bc30%40%3Cannounce.httpd.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List", "Release Notes", "Vendor Advisory"], "url": "https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210702-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://httpd.apache.org/security/vulnerabilities_24.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/06/10/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10379"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r5fdc4fbbc7ddb816c843329a9accdcf284ade86e8d77b8c2a6d9bc30%40%3Cannounce.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Release Notes", "Vendor Advisory"], "url": "https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210702-0001/"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 8375A8C8-38EB-4F32-97FD-0841D57C1971 (string)

versionEndIncluding : 2.4.46 (string)

versionStartIncluding : 2.4.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* (string)

matchCriteriaId : A2572D17-1DE6-457B-99CC-64AFD54487EA (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:* (string)

matchCriteriaId : A30F7908-5AF6-4761-BC6A-4C18EFAE48E5 (string)

versionEndExcluding : 5.10.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:* (string)

matchCriteriaId : 0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:* (string)

matchCriteriaId : 7B00DDE7-7002-45BE-8EDE-65D964922CB0 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_10:*:*:*:*:*:* (string)

matchCriteriaId : DB88C165-BB24-49FB-AAF6-087A766D5AD1 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_11:*:*:*:*:*:* (string)

matchCriteriaId : C879487A-3378-4C5D-9DA6-308D06B786A0 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_12:*:*:*:*:*:* (string)

matchCriteriaId : 523E143F-E8B3-4B24-AD64-65BF5A8677A7 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:* (string)

matchCriteriaId : FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:* (string)

matchCriteriaId : 7DE847E0-431D-497D-9C57-C4E59749F6A0 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:* (string)

matchCriteriaId : 46385384-5561-40AA-9FDE-A2DE4FDFAD3E (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:* (string)

matchCriteriaId : B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:* (string)

matchCriteriaId : 9E4E5481-1070-4E1F-8679-1985DE4E785A (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:* (string)

matchCriteriaId : D9EEA681-67FF-43B3-8610-0FA17FD279E5 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:* (string)

matchCriteriaId : C33BA8EA-793D-4E79-BE9C-235ACE717216 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_9:*:*:*:*:*:* (string)

matchCriteriaId : 823DBE80-CB8D-4981-AE7C-28F3FDD40451 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 5C2089EE-5D7F-47EC-8EA5-0F69790564C4 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows (string)

}

1 : { »

lang : es (string)

value : Apache HTTP Server versiones 2.4.0 a 2.4.46 Los usuarios locales sin privilegios pueden detener httpd en Windows (string)

}

]

id : CVE-2020-13938 (string)

lastModified : 2024-11-21T05:02:11.440 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 2.1 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:L/AC:L/Au:N/C:N/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 5.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2021-06-10T07:15:07.403 (string)

references : [ »

0 : { »

source : security@apache.org (string)

tags : [ »

0 : Release Notes (string)

1 : Vendor Advisory (string)

]

url : http://httpd.apache.org/security/vulnerabilities_24.html (string)

}

1 : { »

source : security@apache.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://www.openwall.com/lists/oss-security/2021/06/10/3 (string)

}

2 : { »

source : security@apache.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://kc.mcafee.com/corporate/index?page=content&id=SB10379 (string)

}

3 : { »

source : security@apache.org (string)

url : https://lists.apache.org/thread.html/r5fdc4fbbc7ddb816c843329a9accdcf284ade86e8d77b8c2a6d9bc30%40%3Cannounce.httpd.apache.org%3E (string)

}

4 : { »

source : security@apache.org (string)

url : https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E (string)

}

5 : { »

source : security@apache.org (string)

tags : [ »

0 : Mailing List (string)

1 : Release Notes (string)

2 : Vendor Advisory (string)

]

url : https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E (string)

}

6 : { »

source : security@apache.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://security.netapp.com/advisory/ntap-20210702-0001/ (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Release Notes (string)

1 : Vendor Advisory (string)

]

url : http://httpd.apache.org/security/vulnerabilities_24.html (string)

}

8 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://www.openwall.com/lists/oss-security/2021/06/10/3 (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://kc.mcafee.com/corporate/index?page=content&id=SB10379 (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/r5fdc4fbbc7ddb816c843329a9accdcf284ade86e8d77b8c2a6d9bc30%40%3Cannounce.httpd.apache.org%3E (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Release Notes (string)

2 : Vendor Advisory (string)

]

url : https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://security.netapp.com/advisory/ntap-20210702-0001/ (string)

}

]

sourceIdentifier : security@apache.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-862 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"bugzilla": {"description": "httpd: Improper Handling of Insufficient Privileges", "id": "1970006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970006"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.2", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-732", "details": ["Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows", "A flaw was found in HTTPd. In some Apache HTTP Server versions, unprivileged local users can stop HTTPd on Windows. The highest threat from this vulnerability is to system availability."], "name": "CVE-2020-13938", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "httpd:2.4/httpd", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_core_services:1", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat JBoss Core Services"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "httpd22", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2", "fix_state": "Out of support scope", "package_name": "httpd22", "product_name": "Red Hat JBoss Enterprise Web Server 2"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "httpd24-httpd", "product_name": "Red Hat Software Collections"}], "public_date": "2021-06-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-13938\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-13938"], "statement": "As per upstream, this flaw affects only Microsoft Windows operating system, therefore Red Hat Enterprise Linux and Red Hat Software Collection is not affected by this flaw.", "threat_severity": "Moderate"}

{

bugzilla : { »

description : httpd: Improper Handling of Insufficient Privileges (string)

id : 1970006 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1970006 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 6.2 (string)

cvss3_scoring_vector : CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

status : draft (string)

}

cwe : CWE-732 (string)

details : [ »

0 : Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows (string)

1 : A flaw was found in HTTPd. In some Apache HTTP Server versions, unprivileged local users can stop HTTPd on Windows. The highest threat from this vulnerability is to system availability. (string)

]

name : CVE-2020-13938 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Not affected (string)

package_name : httpd (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Not affected (string)

package_name : httpd (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

2 : { »

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

fix_state : Not affected (string)

package_name : httpd:2.4/httpd (string)

product_name : Red Hat Enterprise Linux 8 (string)

}

3 : { »

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

fix_state : Not affected (string)

package_name : httpd (string)

product_name : Red Hat Enterprise Linux 9 (string)

}

4 : { »

cpe : cpe:/a:redhat:jboss_core_services:1 (string)

fix_state : Not affected (string)

package_name : httpd (string)

product_name : Red Hat JBoss Core Services (string)

}

5 : { »

cpe : cpe:/a:redhat:jboss_enterprise_application_platform:6 (string)

fix_state : Out of support scope (string)

package_name : httpd22 (string)

product_name : Red Hat JBoss Enterprise Application Platform 6 (string)

}

6 : { »

cpe : cpe:/a:redhat:jboss_enterprise_web_server:2 (string)

fix_state : Out of support scope (string)

package_name : httpd22 (string)

product_name : Red Hat JBoss Enterprise Web Server 2 (string)

}

7 : { »

cpe : cpe:/a:redhat:rhel_software_collections:3 (string)

fix_state : Not affected (string)

package_name : httpd24-httpd (string)

product_name : Red Hat Software Collections (string)

}

]

public_date : 2021-06-07T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2020-13938 https://nvd.nist.gov/vuln/detail/CVE-2020-13938 (string)

]

statement : As per upstream, this flaw affects only Microsoft Windows operating system, therefore Red Hat Enterprise Linux and Red Hat Software Collection is not affected by this flaw. (string)

threat_severity : Moderate (string)

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object