CVE-2018-1301

A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out-of-bounds access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.

Published: 2018-03-26 15:29 | Updated: 2019-08-15 09:15

CVSS Score: 4.3 / 10
| Vendor | Product | Version | URI |
|---|---|---|---|
| Apache | Http Server | 2.4.29 | `cpe:/a:apache:http_server:2.4.29` |
| Debian | Debian Linux | 8.0 | `cpe:/o:debian:debian_linux:8.0` |
| Debian | Debian Linux | 9.0 | `cpe:/o:debian:debian_linux:9.0` |
| Netapp | Santricity Cloud Connector | - | `cpe:/a:netapp:santricity_cloud_connector:-` |
| Netapp | Storage Automation Store | - | `cpe:/a:netapp:storage_automation_store:-` |
| Netapp | Storagegrid | - | `cpe:/a:netapp:storagegrid:-` |
| Canonical | Ubuntu Linux | 14.04 | `cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~` |
| Canonical | Ubuntu Linux | 16.04 | `cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~` |
| Canonical | Ubuntu Linux | 17.10 | `cpe:/o:canonical:ubuntu_linux:17.10` |
| Canonical | Ubuntu Linux | 18.04 | `cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~` |
| Debian | Debian Linux | 7.0 | `cpe:/o:debian:debian_linux:7.0` |
| Canonical | Ubuntu Linux | 12.04 | `cpe:/o:canonical:ubuntu_linux:12.04::~~esm~~~` |
| Netapp | Clustered Data Ontap | - | `cpe:/o:netapp:clustered_data_ontap:-` |
| Redhat | Enterprise Linux | 7.0 | `cpe:/o:redhat:enterprise_linux:7.0` |
| Redhat | Enterprise Linux | 7.4 | `cpe:/o:redhat:enterprise_linux:7.4` |
| Redhat | Enterprise Linux | 7.5 | `cpe:/o:redhat:enterprise_linux:7.5` |
| Redhat | Enterprise Linux | 7.6 | `cpe:/o:redhat:enterprise_linux:7.6` |
| Redhat | Enterprise Linux | 6.0 | `cpe:/o:redhat:enterprise_linux:6.0` |

CWE

| ID | Name | Description |
|---|---|---|
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. |

History of changes

Date Event
2019-08-15 09:15
2019-04-22 17:48
2019-04-18 16:27
2019-04-10 16:29
2019-02-19 11:29
2019-02-07 11:29
2018-11-13 11:29
2018-06-03 01:29
2018-06-01 01:29
2018-05-02 01:29
2018-04-21 01:29
2018-04-18 16:05
2018-04-05 01:29
2018-03-29 01:29
2018-03-28 01:29
2018-03-26 15:29 New CVE