CVE-2006-0042

Name: CVE-2006-0042
Creator: NVD / NIST
Published: 2006-02-18T21:02:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 6.23%

Last modified Jun 16, 2026

CVE-2006-0042 is a vulnerability of currently unknown severity. Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.. EPSS estimates a 6.23% chance of exploitation in the next 30 days.

Description

Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.

Metrics

EPSS Probability

6.23%

92.6th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Apache	Libapreq2	< 2.07
Debian	Debian Linux	3.0
Debian	Debian Linux	3.1

References

http://secunia.com/advisories/18846Patch, Third Party Advisory
http://secunia.com/advisories/19139Patch, Third Party Advisory
http://secunia.com/advisories/19658Third Party Advisory
http://securityreason.com/securityalert/737Third Party Advisory
http://svn.apache.org/viewcvs.cgi/httpd/apreq/tags/v2_07/CHANGES?rev=376998&view=markupVendor Advisory
http://www.debian.org/security/2006/dsa-1000Patch, Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200604-08.xmlThird Party Advisory
http://www.securityfocus.com/bid/16710Patch, Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2006/0645Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/24917Third Party Advisory, VDB Entry
http://secunia.com/advisories/18846Patch, Third Party Advisory
http://secunia.com/advisories/19139Patch, Third Party Advisory
http://secunia.com/advisories/19658Third Party Advisory
http://securityreason.com/securityalert/737Third Party Advisory
http://svn.apache.org/viewcvs.cgi/httpd/apreq/tags/v2_07/CHANGES?rev=376998&view=markupVendor Advisory
http://www.debian.org/security/2006/dsa-1000Patch, Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200604-08.xmlThird Party Advisory
http://www.securityfocus.com/bid/16710Patch, Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2006/0645Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/24917Third Party Advisory, VDB Entry

Timeline

Published: Feb 18, 2006
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-0042?

How severe is CVE-2006-0042?

Severity scoring for CVE-2006-0042 is pending analysis. The EPSS model estimates a 6.23% probability of exploitation in the next 30 days.

How do I fix CVE-2006-0042?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-0042?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST