httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications

🗓️ 18 Feb 2019 16:55:17Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 3 Views

Apache httpd mod_session allows remote attackers to modify CGI session data via Session header.

Reporter	Title	Published	Views	Family All 122
ALT Linux	Security fix for the ALT Linux 8 package apache2 version 1:2.4.33-alt1	31 Mar 201800:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 9 package apache2 version 1:2.4.33-alt1	31 Mar 201800:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 10 package apache2 version 1:2.4.33-alt1	31 Mar 201800:00	–	altlinux
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	27 Jan 202100:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	27 Jan 202100:05	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in HTTPD affects IBM Integrated Analytics System	10 Nov 202010:30	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect Rational Build Forge (CVE-2018-1283, CVE-2018-1302, CVE-2018-1303, CVE-2018-1312, CVE-2017-15710, CVE-2017-15715, CVE-2018-1301)	20 Apr 202014:40	–	ibm
Amazon	Medium: httpd24	3 May 201800:00	–	amazon
Tenable Nessus	Amazon Linux AMI : httpd24 (ALAS-2018-1004)	4 May 201800:00	–	nessus
Tenable Nessus	Apache 2.4.x < 2.4.33 Multiple Vulnerabilities (deprecated)	30 Mar 201800:00	–	nessus

Vulners

Node

redhat jboss_core_servicesRange<1

AND

redhat enterprise_linux

Source	Link
access	www.access.redhat.com/security/cve/CVE-2018-1283
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2018-1283
cve	www.cve.org/CVERecord

28 Jun 2026 12:31Current

7.2High risk

Vulners AI Score7.2

CVSS 23.5

CVSS 35.3

EPSS0.10118

Apache HTTP Server mod session Session header cgi applications remote attacker