PT-2018-3179 · Apache+5 · Apache Http Server+5

Publicado

2018-03-21

Atualizado

2021-06-06

CVE-2018-1303

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.30

Description A specially crafted HTTP request header could crash the Apache HTTP Server due to an out of bound read while preparing data to be cached in shared memory. This could be used as a Denial of Service attack against users of mod cache socache. The issue is considered low risk since mod cache socache is not widely used, and mod cache disk is not affected.

Recommendations For versions prior to 2.4.30, update to version 2.4.30 or later to resolve the issue. As a temporary workaround, consider disabling the mod cache socache module until a patch is available.

Correção

DoS

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

ALT-PU-2018-1519

BDU:2019-04310

CESA-2020_3958

CVE-2018-1303

DSA-4164-1

MGASA-2018-0460

RHSA-2018:3558

RHSA-2019:0367

RHSA-2020:3958

RHSA-2020_3958

SUSE-SU-2018:0879-1

SUSE-SU-2018:0901-1

SUSE-SU-2018:1161-1

SUSE-SU-2018:1161-2

USN-3627-1

USN-3627-2

Produtos afetados

Alt Linux

Apache Http Server

Centos

Red Hat

Suse

Ubuntu

PT-2018-3179 · Apache+5 · Apache Http Server+5

CVE-2018-1303

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 122