Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2018-1303

Published: 26/03/2018 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 455
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Http Server

Vulnerability Summary

A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache http server

debian debian linux 8.0

debian debian linux 9.0

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 17.10

canonical ubuntu linux 18.04

netapp santricity cloud connector -

netapp storage automation store -

netapp storagegrid -

netapp clustered data ontap -

Vendor Advisories

Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2429 security update Type/Severity Security Advisory: Important Topic An update is now available for JBoss Core Services on RHEL 6 and RHEL 7Red Hat Product Security has rated this update as having a security impact of Important A Common ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1 security update
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2429 SP1 security update Type/Severity Security Advisory: Important Topic Red Hat JBoss Core Services Pack Apache Server 2429 Service Pack 1 packages for Microsoft Windows and Oracle Solaris are now availableRed Hat Product Security has ...
Red Hat: Moderate: httpd security, bug fix, and enhancement update
Synopsis Moderate: httpd security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for httpd is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ...
Red Hat: Moderate: httpd24 security, bug fix, and enhancement update
Synopsis Moderate: httpd24 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for httpd24-httpd, httpd24-nghttp2, and httpd24-curl is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of ...
Debian Security Advisories: DSA-4164-1 apache2 -- security update
Several vulnerabilities have been found in the Apache HTTPD server CVE-2017-15710 Alex Nichols and Jakob Hirsch reported that mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, could cause an out of bound write if supplied with a crafted Accept-Language header This could potentially be used for a Denial of Service attack ...
Ubuntu Security Notice: apache2 vulnerabilities
Several security issues were fixed in the Apache HTTP Server ...
Ubuntu Security Notice: apache2 vulnerabilities
Several security issues were fixed in the Apache HTTP Server ...
Amazon Linux AMI: ALAS-2018-1004
Use-after-free on HTTP/2 stream shutdownWhen an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2430 could have written a NULL pointer potentially to an already freed memory The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team ...
Red Hat: CVE-2018-1303
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2430 due to an out of bound read while preparing data to be cached in shared memory It could be used as a Denial of Service attack against users of mod_cache_socache The vulnerability is considered as low risk since mod_cache_socache is not widely ...
Arch Linux Issues:
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2430 due to an out of bound read while preparing data to be cached in shared memory It could be used as a Denial of Service attack against users of mod_cache_socache ...
Tenable Security Advisories: [R1] Tenable.sc 5.13.0 Fixes Multiple Third-Party Vulnerabilities
Tenablesc leverages third-party software to help provide underlying functionality Three separate third-party components (OpenSSL, Apache HTTP Server, SimpleSAMLphp) were found to contain vulnerabilities, and updated versions have been made available by the providers Out of caution and in line with good practice, Tenable opted to upgrade the bun ...

References

CWE-125https://httpd.apache.org/security/vulnerabilities_24.htmlhttp://www.openwall.com/lists/oss-security/2018/03/24/3http://www.securitytracker.com/id/1040572http://www.securityfocus.com/bid/103522https://www.debian.org/security/2018/dsa-4164https://usn.ubuntu.com/3627-1/https://usn.ubuntu.com/3627-2/https://security.netapp.com/advisory/ntap-20180601-0004/https://access.redhat.com/errata/RHSA-2018:3558https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_ushttps://access.redhat.com/errata/RHSA-2019:0367https://access.redhat.com/errata/RHSA-2019:0366https://www.tenable.com/security/tns-2019-09https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3Ehttps://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2019:0367https://usn.ubuntu.com/3627-2/https://www.debian.org/security/./dsa-4164
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook