Search for vulnerabilities
Vulnerability details: VCID-avfr-zuw1-aaam
Vulnerability ID VCID-avfr-zuw1-aaam
Aliases CVE-2020-13938
Summary Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-862 Missing Authorization
CWE-732 Incorrect Permission Assignment for Critical Resource
System Score Found at
generic_textual Medium http://httpd.apache.org/security/vulnerabilities_24.html
cvssv3 6.2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13938.json
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00466 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00466 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00468 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00468 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00468 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00468 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00468 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00468 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00468 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00468 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00468 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00468 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00468 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00468 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00468 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00468 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00468 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00468 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00468 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00468 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00468 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00468 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00468 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00468 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00468 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00468 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00468 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00468 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.0051 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
epss 0.00912 https://api.first.org/data/v1/epss?cve=CVE-2020-13938
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1970006
apache_httpd moderate https://httpd.apache.org/security/json/CVE-2020-13938.json
cvssv3.1 7.5 https://kc.mcafee.com/corporate/index?page=content&id=SB10379
generic_textual HIGH https://kc.mcafee.com/corporate/index?page=content&id=SB10379
cvssv2 2.1 https://nvd.nist.gov/vuln/detail/CVE-2020-13938
cvssv3 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-13938
cvssv3.1 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-13938
archlinux Medium https://security.archlinux.org/AVG-2054
Reference id Reference type URL
http://httpd.apache.org/security/vulnerabilities_24.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13938.json
https://api.first.org/data/v1/epss?cve=CVE-2020-13938
https://kc.mcafee.com/corporate/index?page=content&id=SB10379
https://lists.apache.org/thread.html/r5fdc4fbbc7ddb816c843329a9accdcf284ade86e8d77b8c2a6d9bc30@%3Cannounce.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5fdc4fbbc7ddb816c843329a9accdcf284ade86e8d77b8c2a6d9bc30%40%3Cannounce.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E
https://security.netapp.com/advisory/ntap-20210702-0001/
http://www.openwall.com/lists/oss-security/2021/06/10/3
1970006 https://bugzilla.redhat.com/show_bug.cgi?id=1970006
AVG-2054 https://security.archlinux.org/AVG-2054
cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_10:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_10:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_11:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_11:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_12:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_12:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_9:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_9:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
CVE-2020-13938 https://httpd.apache.org/security/json/CVE-2020-13938.json
CVE-2020-13938 https://nvd.nist.gov/vuln/detail/CVE-2020-13938
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13938.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://kc.mcafee.com/corporate/index?page=content&id=SB10379
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2020-13938
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-13938
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-13938
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.05128
EPSS Score 0.00042
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.