CVE-2020-35452 in HTTP Server

Summary

by MITRE • 06/10/2021

Apache HTTP Server versions 2.4.0 to 2.4.46: A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor could the Apache HTTP Server team create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow.


Analysis

by VulDB Data Team • 08/11/2025

The vulnerability identified as CVE-2020-35452 affects Apache HTTP Server versions 2.4.0 through 2.4.46, specifically the mod_auth_digest module, which handles HTTP digest authentication. The flaw is a stack overflow triggered when the module processes a specially crafted Digest nonce value. It stems from improper validation and handling of the authentication tokens transmitted during digest authentication, a mechanism web servers use to protect resources.

The stack buffer overflow manifests when mod_auth_digest processes a malformed nonce value. The overflow is a single byte with a zero value, which indicates insufficient bounds checking in the nonce validation routine. This places the flaw in the CWE-121 (stack-based buffer overflow) category, the classic weakness in which data written to a buffer exceeds the allocated stack space. The attack surface is limited to the digest authentication mechanism: the flaw is reachable only where the affected server components process digest authentication tokens.

The operational impact of CVE-2020-35452 is relatively constrained, even though the flaw is a stack overflow. The Apache HTTP Server team has confirmed that no exploitable proof-of-concept has been demonstrated, but exploitation cannot be entirely ruled out, because compiler-specific behavior and compilation options can alter the memory layout. The limited consequences stem from the minimal size of the overflow, a single byte with a zero value, which typically does far less damage than a larger buffer overflow. Even so, the vulnerability could theoretically be leveraged for denial-of-service attacks, or potentially for more sophisticated exploitation techniques, depending on the execution environment and the compiler optimizations in use.

The vulnerability aligns with ATT&CK technique T1210 (Exploitation of Remote Services), as it targets the authentication framework of the web server. Organizations running affected Apache HTTP Server versions should prioritize patching, particularly in environments where digest authentication is actively used. The recommended mitigation is to upgrade to Apache HTTP Server version 2.4.47 or later, which contains the fixes that prevent the stack overflow. Administrators should also consider disabling digest authentication where it is not essential, and should implement monitoring to detect unusual authentication patterns that might indicate exploitation attempts. Security teams should review their compilation practices as well and ensure that appropriate compiler hardening options are enabled to minimize potential exploitation vectors.
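The prioritization described above (affected version first, digest authentication in use second) can be checked per host. The following is an added example, not code from VulDB or the Apache project; it assumes the version banner comes from `httpd -v` and that the relevant configuration has been gathered into one text, and the sample banner and configuration are constructed.

```python
import re

# Affected range as stated on this page: 2.4.0 through 2.4.46 (fixed in 2.4.47).
AFFECTED_MIN, AFFECTED_MAX = (2, 4, 0), (2, 4, 46)

# Constructed sample inputs, not taken from a real host.
SAMPLE_BANNER = "Server version: Apache/2.4.41 (Unix)"
SAMPLE_CONFIG = """\
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
# AuthType Digest   (commented out, must be ignored)
<Location "/private">
    AuthType Digest
    AuthName "private area"
    Require valid-user
</Location>
"""

def parse_version(banner):
    """Extract (major, minor, patch) from `httpd -v` output, or None."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(p) for p in m.groups()) if m else None

def digest_findings(config_text):
    """Return (line_number, kind) for active mod_auth_digest directives."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#"):  # skip commented-out directives
            continue
        if re.match(r"LoadModule\s+auth_digest_module\b", line, re.I):
            findings.append((lineno, "module_loaded"))
        elif re.match(r"AuthType\s+Digest\b", line, re.I):
            findings.append((lineno, "digest_in_use"))
    return findings

def assess(banner, config_text):
    """Combine version and configuration into a patching priority."""
    version = parse_version(banner)
    if version is None:
        return "version unknown"
    if not (AFFECTED_MIN <= version <= AFFECTED_MAX):
        return "outside affected range"
    kinds = {kind for _, kind in digest_findings(config_text)}
    if "digest_in_use" in kinds:
        return "patch first: affected version with digest auth in use"
    if "module_loaded" in kinds:
        return "patch: affected version, module loaded but unused"
    return "patch: affected version, mod_auth_digest not referenced"

if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, SAMPLE_CONFIG))
```

Distribution packages often backport security fixes without changing the upstream version number, so a banner inside the affected range should be confirmed against the vendor's advisory for that package build.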

Reservation

12/14/2020

Disclosure

06/10/2021

Moderation

accepted

CPE

ready

EPSS

0.53191

KEV

no

Activities

very low
