{"containers": {"cna": {"affected": [{"product": "Apache HTTP Server", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "2.4.46"}, {"status": "affected", "version": "2.4.43"}, {"status": "affected", "version": "2.4.41"}, {"status": "affected", "version": "2.4.39"}, {"status": "affected", "version": "2.4.38"}, {"status": "affected", "version": "2.4.37"}, {"status": "affected", "version": "2.4.35"}, {"status": "affected", "version": "2.4.34"}, {"status": "affected", "version": "2.4.33"}, {"status": "affected", "version": "2.4.29"}, {"status": "affected", "version": "2.4.28"}, {"status": "affected", "version": "2.4.27"}, {"status": "affected", "version": "2.4.26"}, {"status": "affected", "version": "2.4.25"}, {"status": "affected", "version": "2.4.23"}, {"status": "affected", "version": "2.4.20"}, {"status": "affected", "version": "2.4.18"}, {"status": "affected", "version": "2.4.17"}, {"status": "affected", "version": "2.4.16"}, {"status": "affected", "version": "2.4.12"}, {"status": "affected", "version": "2.4.10"}, {"status": "affected", "version": "2.4.9"}, {"status": "affected", "version": "2.4.7"}, {"status": "affected", "version": "2.4.6"}, {"status": "affected", "version": "2.4.4"}, {"status": "affected", "version": "2.4.3"}, {"status": "affected", "version": "2.4.2"}, {"status": "affected", "version": "2.4.1"}, {"status": "affected", "version": "2.4.0"}]}], "credits": [{"lang": "en", "value": "Discovered by Ivan Zhakov"}], "descriptions": [{"lang": "en", "value": "Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows"}], "metrics": [{"other": {"content": {"other": "moderate"}, "type": "unknown"}}], "problemTypes": [{"descriptions": [{"description": "Improper Handling of Insufficient Privileges", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-03-23T07:06:05", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://httpd.apache.org/security/vulnerabilities_24.html"}, {"tags": ["x_refsource_MISC"], "url": "https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-announce] 20210609 CVE-2020-13938: Improper Handling of Insufficient Privileges", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r5fdc4fbbc7ddb816c843329a9accdcf284ade86e8d77b8c2a6d9bc30%40%3Cannounce.httpd.apache.org%3E"}, {"name": "[httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E"}, {"name": "[oss-security] 20210609 CVE-2020-13938: Apache httpd: Improper Handling of Insufficient Privileges", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/06/10/3"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20210702-0001/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10379"}], "source": {"discovery": "UNKNOWN"}, "title": "Improper Handling of Insufficient Privileges", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2020-13938", "STATE": "PUBLIC", "TITLE": "Improper Handling of Insufficient Privileges"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache HTTP Server", "version": {"version_data": [{"version_affected": "=", "version_name": "2.4", "version_value": "2.4.46"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.43"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.41"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.39"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.38"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.37"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.35"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.34"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.33"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.29"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.28"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.27"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.26"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.25"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.23"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.20"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.18"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.17"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.16"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.12"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.10"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.9"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.7"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.6"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.4"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.3"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.2"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.1"}, {"version_affected": "=", "version_name": "2.4", "version_value": "2.4.0"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "credit": [{"lang": "eng", "value": "Discovered by Ivan Zhakov"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows"}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": [{"other": "moderate"}], "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Handling of Insufficient Privileges"}]}]}, "references": {"reference_data": [{"name": "http://httpd.apache.org/security/vulnerabilities_24.html", "refsource": "MISC", "url": "http://httpd.apache.org/security/vulnerabilities_24.html"}, {"name": "https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-announce] 20210609 CVE-2020-13938: Improper Handling of Insufficient Privileges", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5fdc4fbbc7ddb816c843329a9accdcf284ade86e8d77b8c2a6d9bc30@%3Cannounce.httpd.apache.org%3E"}, {"name": "[httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E"}, {"name": "[oss-security] 20210609 CVE-2020-13938: Apache httpd: Improper Handling of Insufficient Privileges", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/06/10/3"}, {"name": "https://security.netapp.com/advisory/ntap-20210702-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210702-0001/"}, {"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10379", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10379"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:32:14.566Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://httpd.apache.org/security/vulnerabilities_24.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-announce] 20210609 CVE-2020-13938: Improper Handling of Insufficient Privileges", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r5fdc4fbbc7ddb816c843329a9accdcf284ade86e8d77b8c2a6d9bc30%40%3Cannounce.httpd.apache.org%3E"}, {"name": "[httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E"}, {"name": "[oss-security] 20210609 CVE-2020-13938: Apache httpd: Improper Handling of Insufficient Privileges", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/06/10/3"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20210702-0001/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10379"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2020-13938", "datePublished": "2021-06-10T07:10:20", "dateReserved": "2020-06-08T00:00:00", "dateUpdated": "2024-08-04T12:32:14.566Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "8375A8C8-38EB-4F32-97FD-0841D57C1971", "versionEndIncluding": "2.4.46", "versionStartIncluding": "2.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "A30F7908-5AF6-4761-BC6A-4C18EFAE48E5", "versionEndExcluding": "5.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*", "matchCriteriaId": "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*", "matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_10:*:*:*:*:*:*", "matchCriteriaId": "DB88C165-BB24-49FB-AAF6-087A766D5AD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_11:*:*:*:*:*:*", "matchCriteriaId": "C879487A-3378-4C5D-9DA6-308D06B786A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_12:*:*:*:*:*:*", "matchCriteriaId": "523E143F-E8B3-4B24-AD64-65BF5A8677A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*", "matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*", "matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*", "matchCriteriaId": "46385384-5561-40AA-9FDE-A2DE4FDFAD3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*", "matchCriteriaId": "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*", "matchCriteriaId": "9E4E5481-1070-4E1F-8679-1985DE4E785A", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*", "matchCriteriaId": "D9EEA681-67FF-43B3-8610-0FA17FD279E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*", "matchCriteriaId": "C33BA8EA-793D-4E79-BE9C-235ACE717216", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_9:*:*:*:*:*:*", "matchCriteriaId": "823DBE80-CB8D-4981-AE7C-28F3FDD40451", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows"}, {"lang": "es", "value": "Apache HTTP Server versiones 2.4.0 a 2.4.46 Los usuarios locales sin privilegios pueden detener httpd en Windows"}], "id": "CVE-2020-13938", "lastModified": "2023-11-07T03:17:01.083", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-10T07:15:07.403", "references": [{"source": "security@apache.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://httpd.apache.org/security/vulnerabilities_24.html"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/06/10/3"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10379"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r5fdc4fbbc7ddb816c843329a9accdcf284ade86e8d77b8c2a6d9bc30%40%3Cannounce.httpd.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List", "Release Notes", "Vendor Advisory"], "url": "https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210702-0001/"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "httpd: Improper Handling of Insufficient Privileges", "id": "1970006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970006"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.2", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-732", "details": ["Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows", "A flaw was found in HTTPd. In some Apache HTTP Server versions, unprivileged local users can stop HTTPd on Windows. The highest threat from this vulnerability is to system availability."], "name": "CVE-2020-13938", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "httpd:2.4/httpd", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_core_services:1", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat JBoss Core Services"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "httpd22", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2", "fix_state": "Out of support scope", "package_name": "httpd22", "product_name": "Red Hat JBoss Enterprise Web Server 2"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "httpd24-httpd", "product_name": "Red Hat Software Collections"}], "public_date": "2021-06-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-13938\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-13938"], "statement": "As per upstream, this flaw affects only Microsoft Windows operating system, therefore Red Hat Enterprise Linux and Red Hat Software Collection is not affected by this flaw.", "threat_severity": "Moderate", "upstream_fix": "httpd 2.4.48"}