A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.

References

bugzilla.redhat.com/show_bug.cgi?id=1560643

httpd.apache.org/security/vulnerabilities_24.html

alpinelinux 1

httpd 1

osv 3

cve 1

ubuntucve 1

prion 1

nessus 37

f5 1

veracode 4

ibm 20

debiancve 1

openvas 13

debian 3

oraclelinux 1

redhat 4

centos 1

ubuntu 3

suse 2

fedora 3

kaspersky 1

altlinux 3

freebsd 1

amazon 1

archlinux 1

mageia 1

symantec 1

photon 3

alpinelinux

CVE-2018-1301

2018-03-26 15:29:00

httpd

Apache Httpd < 2.4.33 : Possible out of bound access after failure in reading the HTTP request

2018-01-23 00:00:00

osv

CVE-2018-1301

2018-03-26 15:29:00

apache2 - security update

2018-05-30 00:00:00

apache2 - security update

2018-04-03 00:00:00

cve

CVE-2018-1301

2018-03-26 15:29:00

ubuntucve

CVE-2018-1301

2018-03-26 00:00:00

prion

Design/Logic Flaw

2018-03-26 15:29:00

nessus

F5 Networks BIG-IP : Apache HTTPD vulnerability (K78131906)

2023-11-03 00:00:00

EulerOS 2.0 SP3 : httpd (EulerOS-SA-2019-2593)

2019-12-18 00:00:00

Scientific Linux Security Update : httpd on SL7.x x86_64 (20200407)

2020-04-21 00:00:00

K78131906 : Apache HTTPD vulnerability CVE-2018-1301

2018-04-11 00:00:00

veracode

Denial Of Service (DoS)

2019-05-16 03:21:43

Denial Of Service

2019-05-16 03:38:53

Path Traversal

2019-05-16 03:38:52

ibm

Security Bulletin: Vulnerability in HTTPD affects IBM Integrated Analytics System

2020-11-10 10:21:41

Security Bulletin: Vulnerability in httpd (CVE-2018-17199 and CVE-2018-1301).

2021-09-22 23:38:15

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server affect Rational Build Forge (CVE-2017-15710, CVE-2017-15715, CVE-2018-1301)

2020-04-20 14:39:53

debiancve

CVE-2018-1301

2018-03-26 15:29:00

openvas

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-2593)

2020-01-23 00:00:00

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-2402)

2020-01-23 00:00:00

Debian LTS: Security Advisory for apache2 (DLA-1389-1)

2018-06-04 00:00:00

debian

[SECURITY] [DLA 1389-1] apache2 security update

2018-05-30 13:24:40

[SECURITY] [DSA 4164-1] apache2 security update

2018-04-03 16:02:15

[SECURITY] [DSA 4164-1] apache2 security update

2018-04-03 16:02:15

oraclelinux

httpd security, bug fix, and enhancement update

2020-04-06 00:00:00

redhat

(RHSA-2020:1121) Moderate: httpd security, bug fix, and enhancement update

2020-03-31 09:21:40

(RHSA-2019:0367) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update

2019-02-18 16:47:10

(RHSA-2019:0366) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1 security update

2019-02-18 16:45:31

centos

httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update

2020-04-08 18:07:48

ubuntu

Apache vulnerabilities

2019-04-10 00:00:00

Apache HTTP Server vulnerabilities

2018-04-19 00:00:00

Apache HTTP Server vulnerabilities

2018-04-30 00:00:00

suse

Security update for apache2 (important)

2018-04-05 21:09:45

Security update for apache2 (important)

2018-04-09 03:07:20

fedora

[SECURITY] Fedora 28 Update: httpd-2.4.33-2.fc28

2018-04-05 11:50:14

[SECURITY] Fedora 27 Update: httpd-2.4.33-2.fc27

2018-04-05 23:59:00

[SECURITY] Fedora 26 Update: httpd-2.4.33-4.fc26

2018-05-12 18:27:28

kaspersky

KLA12361 Multiple vulnerabilities in Apache HTTP Server

2018-03-21 00:00:00

altlinux

Security fix for the ALT Linux 8 package apache2 version 1:2.4.33-alt1

2018-03-31 00:00:00

Security fix for the ALT Linux 9 package apache2 version 1:2.4.33-alt1

2018-03-31 00:00:00

Security fix for the ALT Linux 10 package apache2 version 1:2.4.33-alt1

2018-03-31 00:00:00

freebsd

apache -- multiple vulnerabilities

2018-03-23 00:00:00

amazon

Medium: httpd24

2018-05-03 16:29:00

archlinux

[ASA-201804-4] apache: multiple issues

2018-04-04 00:00:00

mageia

Updated apache packages fix security vulnerabilities

2018-11-20 14:11:24

symantec

Apache HTTP Server Vulnerabilities Jul 2017 - Sep 2018

2018-11-07 08:01:01

photon

Critical Photon OS Security Update - PHSA-2018-0039

2018-04-27 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0126

2018-04-24 00:00:00

Critical Photon OS Security Update - PHSA-2018-0126

2018-04-24 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

JSON

Related for RH:CVE-2018-1301