Description
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.
Remediation
References
Related Vulnerabilities
WordPress Plugin YITH WooCommerce Request A Quote Security Bypass (1.4.7)
MySQL CVE-2020-2589 Vulnerability (CVE-2020-2589)
WordPress Plugin MStore API-Create Native Android & iOS Apps On The Cloud Security Bypass (3.1.9)
WordPress Plugin Top 10-Popular posts for WordPress Cross-Site Scripting (2.3.0)