PT-2018-3178 · Apache+5 · Apache Http Server+5

Robert Swiecki · Published 2018-03-21 · Updated 2021-06-06 · CVE-2018-1301

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Apache HTTP Server versions prior to 2.4.30

Description

A specially crafted request could crash the server due to an out-of-bounds access after a size limit is reached while reading the HTTP header. This issue is considered very hard, if not impossible, to trigger in non-debug mode, so it is classified as low risk for common server usage. The out-of-bounds memory access could allow a remote attacker to cause a denial of service.

Recommendations

For versions prior to 2.4.30, update to version 2.4.30 or later to resolve the issue. As a temporary workaround, consider restricting access to the server or implementing additional security measures to minimize the risk of exploitation.

Fix

Buffer Overflow


Weakness Enumeration

Related Identifiers

ALT-PU-2018-1519
BDU:2019-04309
CESA-2020_1121
CVE-2018-1301
DLA-1389-1
DSA-4164-1
MGASA-2018-0460
RHSA-2018:3558
RHSA-2019:0367
RHSA-2020:1121
RHSA-2020_1121
SUSE-SU-2018:0879-1
SUSE-SU-2018:0901-1
SUSE-SU-2018:1079-1
SUSE-SU-2018:1161-1
SUSE-SU-2018:1161-2
USN-3627-1
USN-3627-2
USN-3937-2

Affected Products

Alt Linux
Apache Http Server
Centos
Red Hat
Suse
Ubuntu