PT-2018-3179 · Apache+5 · Apache Http Server+5

Published: 2018-03-21 · Updated: 2021-06-06 · CVE-2018-1303

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Apache HTTP Server versions prior to 2.4.30

Description

A specially crafted HTTP request header could crash the Apache HTTP Server due to an out-of-bounds read while preparing data to be cached in shared memory. This could be used as a Denial of Service attack against users of mod_cache_socache. The issue is considered low risk since mod_cache_socache is not widely used, and mod_cache_disk is not affected.

Recommendations

For versions prior to 2.4.30, update to version 2.4.30 or later to resolve the issue. As a temporary workaround, consider disabling the mod_cache_socache module until a patch is available.

Fix

DoS

Out of bounds Read


Weakness Enumeration

Related Identifiers

ALT-PU-2018-1519
BDU:2019-04310
CESA-2020_3958
CVE-2018-1303
DSA-4164-1
MGASA-2018-0460
RHSA-2018:3558
RHSA-2019:0367
RHSA-2020:3958
RHSA-2020_3958
SUSE-SU-2018:0879-1
SUSE-SU-2018:0901-1
SUSE-SU-2018:1161-1
SUSE-SU-2018:1161-2
USN-3627-1
USN-3627-2

Affected Products

Alt Linux
Apache HTTP Server
CentOS
Red Hat
SUSE
Ubuntu