CVE-2020-13938 — MEDIUM (5.5)

Q: What is CVE-2020-13938?

CVE-2020-13938 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows

Q: How severe is CVE-2020-13938?

CVE-2020-13938 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-13938?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server, Microsoft Windows, Mcafee Epolicy Orchestrator, Netapp Cloud Backup.

Vulnerability Description

Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Apache	Http Server	>= 2.4.0, <= 2.4.46
Microsoft	Windows	-
Mcafee	Epolicy Orchestrator	< 5.10.0
Netapp	Cloud Backup	-

Related Weaknesses (CWE)

CWE-862

References

http://httpd.apache.org/security/vulnerabilities_24.htmlRelease NotesVendor Advisory
http://www.openwall.com/lists/oss-security/2021/06/10/3Mailing ListThird Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10379Third Party Advisory
https://lists.apache.org/thread.html/r5fdc4fbbc7ddb816c843329a9accdcf284ade86e8d
https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111b
https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62Mailing ListRelease NotesVendor Advisory
https://security.netapp.com/advisory/ntap-20210702-0001/Third Party Advisory
http://httpd.apache.org/security/vulnerabilities_24.htmlRelease NotesVendor Advisory
http://www.openwall.com/lists/oss-security/2021/06/10/3Mailing ListThird Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10379Third Party Advisory
https://lists.apache.org/thread.html/r5fdc4fbbc7ddb816c843329a9accdcf284ade86e8d
https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111b
https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62Mailing ListRelease NotesVendor Advisory
https://security.netapp.com/advisory/ntap-20210702-0001/Third Party Advisory

FAQ

What is CVE-2020-13938?

CVE-2020-13938 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows

How severe is CVE-2020-13938?

CVE-2020-13938 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-13938?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server, Microsoft Windows, Mcafee Epolicy Orchestrator, Netapp Cloud Backup.