CVE-2018-1303
Severity
7.5 HIGH
EPSS
40.1%
top 2.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 26
Latest update: May 13
Description
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out-of-bounds read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered low risk because mod_cache_socache is not widely used. mod_cache_disk is not affected by this vulnerability.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6
Affected Packages: 3 packages
Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, 18.04
Vulnerability Details: 4
GHSA
GHSA-8rrj-w45x-2fr2: A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2... (2022-05-13)
CVEList
CVE-2018-1303: A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2... (2018-03-26)
OSV
CVE-2018-1303: A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2... (2018-03-26)
Exploits & PoCs: 1
Vendor Advisories: 4
Red Hat
Debian
CVE-2018-1303: apache2 - A specially crafted HTTP request header could have crashed the Apache HTTP Serve... (2018)