CVE-2018-1301

CWE-119Buffer OverflowCWE-125Out-of-bounds Read11 documents8 sources
Severity
5.9MEDIUM
EPSS
7.5%
top 8.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Apache Http ServerApache Software Foundation Apache Http ServerCanonical Ubuntu Linux+2 more
Timeline
PublishedMar 26
Latest updateMay 13

Description

A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

NVDapache/http_server2.4.29
Debianapache2< 2.4.33-1+3

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 17.10, 18.04, Enterprise Linux 6.0, 7.0, 7.4, 7.5, 7.6

🔴Vulnerability Details

3
GHSA
GHSA-c68v-mcv4-56hp: A specially crafted request could have crashed the Apache HTTP Server prior to version 22022-05-13
OSV
CVE-2018-1301: A specially crafted request could have crashed the Apache HTTP Server prior to version 22018-03-26
CVEList
CVE-2018-1301: A specially crafted request could have crashed the Apache HTTP Server prior to version 22018-03-26

📋Vendor Advisories

5
Ubuntu
Apache vulnerabilities2019-04-10
Ubuntu
Apache HTTP Server vulnerabilities2018-04-30
Ubuntu
Apache HTTP Server vulnerabilities2018-04-19
Red Hat
httpd: Out of bounds access after failure in reading the HTTP request2018-03-21
Debian
CVE-2018-1301: apache2 - A specially crafted request could have crashed the Apache HTTP Server prior to v...2018

💬Community

2
Bugzilla
CVE-2018-1301 httpd: Out of bound access after failure in reading the HTTP request [fedora-all]2018-03-26
Bugzilla
CVE-2018-1301 httpd: Out of bounds access after failure in reading the HTTP request2018-03-26