PT-2018-3634 · Apache+3 · Apache Http Server+3
Published 2018-03-21 · Updated 2021-06-06 · CVE-2018-1302
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Apache HTTP Server versions prior to 2.4.33
Description
An HTTP/2 stream vulnerability in the Apache HTTP Server is caused by incorrect handling of a NULL pointer. A remote attacker could potentially use it to cause a denial of service. The vulnerability is considered low risk because it is difficult to trigger in usual configurations: the memory pools maintained by the server make exploitation hard, and it was not reproducible outside debug builds.
Recommendations
For versions prior to 2.4.33, update to version 2.4.33 or later to resolve the issue. As a temporary workaround, consider restricting access to HTTP/2 streams until the update is applied.
Fix
NULL Pointer Dereference
Affected Products
Alt Linux
Apache Http Server
Suse
Ubuntu