Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-8011

CWE-476NULL Pointer Dereference10 documents9 sources
Severity
7.5HIGH
EPSS
82.0%
top 0.79%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Apache Software Foundation Apache Http ServerApache Http Server
Timeline
PublishedJul 18
Latest updateJul 20

Description

By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDapache/http_server2.4.33
CVEListV5apache_software_foundation/apache_http_serverFixed in Apache HTTP Server 2.4.34 (Affected 2.4.33)
Debianapache2< 2.4.34-1+3

🔴Vulnerability Details

3
OSV
CVE-2018-8011: By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault2018-07-18
CVEList
mod_md, DoS via Coredumps on specially crafted requests2018-07-18
VulnCheck
Apache HTTP Server NULL Pointer Dereference2018

💥Exploits & PoCs

1
Nuclei
Apache HTTP Server - NULL Pointer Dereference

📋Vendor Advisories

3
Red Hat
httpd: mod_md: NULL pointer dereference causing httpd child process crash2018-07-18
Debian
CVE-2018-8011: apache2 - By specially crafting HTTP requests, the mod_md challenge handler would derefere...2018
Apache
Apache httpd: CVE-2018-8011

💬Community

2
Bugzilla
CVE-2018-8011 httpd: mod_md: NULL pointer dereference causing httpd child process crash [fedora-all]2018-07-20
Bugzilla
CVE-2018-8011 httpd: mod_md: NULL pointer dereference causing httpd child process crash2018-07-20
CVE-2018-8011 (HIGH CVSS 7.5) | By specially crafting HTTP requests | cvebase.io