UbuntuUSN-3627-2Apache HTTP Server vulnerabilities
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.9 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.963 High
EPSS
Percentile
99.5%
Releases
- Ubuntu 18.04 ESM
Packages
- apache2 - Apache HTTP server
Details
USN-3627-1 fixed vulnerabilities in Apache HTTP Server. This update
provides the corresponding updates for Ubuntu 18.04 LTS.
Original advisory details:
Alex Nichols and Jakob Hirsch discovered that the Apache HTTP Server
mod_authnz_ldap module incorrectly handled missing charset encoding
headers. A remote attacker could possibly use this issue to cause the
server to crash, resulting in a denial of service. (CVE-2017-15710)
Elar Lang discovered that the Apache HTTP Server incorrectly handled
certain characters specified in . A remote attacker could
possibly use this issue to upload certain files, contrary to expectations.
(CVE-2017-15715)
It was discovered that the Apache HTTP Server mod_session module
incorrectly handled certain headers. A remote attacker could possibly use
this issue to influence session data. (CVE-2018-1283)
Robert Swiecki discovered that the Apache HTTP Server incorrectly handled
certain requests. A remote attacker could possibly use this issue to cause
the server to crash, leading to a denial of service. (CVE-2018-1301)
Robert Swiecki discovered that the Apache HTTP Server mod_cache_socache
module incorrectly handled certain headers. A remote attacker could
possibly use this issue to cause the server to crash, leading to a denial
of service. (CVE-2018-1303)
Nicolas Daniels discovered that the Apache HTTP Server incorrectly
generated the nonce when creating HTTP Digest authentication challenges.
A remote attacker could possibly use this issue to replay HTTP requests
across a cluster of servers. (CVE-2018-1312)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 18.04 | noarch | apache2-bin | < 2.4.29-1ubuntu4.1 | UNKNOWN |
| Ubuntu | 18.04 | noarch | apache2 | < 2.4.29-1ubuntu4.1 | UNKNOWN |
| Ubuntu | 18.04 | noarch | apache2-data | < 2.4.29-1ubuntu4.1 | UNKNOWN |
| Ubuntu | 18.04 | noarch | apache2-dbg | < 2.4.29-1ubuntu4.1 | UNKNOWN |
| Ubuntu | 18.04 | noarch | apache2-dev | < 2.4.29-1ubuntu4.1 | UNKNOWN |
| Ubuntu | 18.04 | noarch | apache2-doc | < 2.4.29-1ubuntu4.1 | UNKNOWN |
| Ubuntu | 18.04 | noarch | apache2-ssl-dev | < 2.4.29-1ubuntu4.1 | UNKNOWN |
| Ubuntu | 18.04 | noarch | apache2-suexec-custom | < 2.4.29-1ubuntu4.1 | UNKNOWN |
| Ubuntu | 18.04 | noarch | apache2-suexec-pristine | < 2.4.29-1ubuntu4.1 | UNKNOWN |
| Ubuntu | 18.04 | noarch | apache2-utils | < 2.4.29-1ubuntu4.1 | UNKNOWN |
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.9 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.963 High
EPSS
Percentile
99.5%