Executive Summary

Informations
NameCVE-2018-1301First vendor Publication2018-03-26
VendorCveLast vendor Modification2019-08-15

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Cvss Base Score4.3Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301

CWE : Common Weakness Enumeration

%idName
100 %CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

TypeDescriptionCount
Application242
Application1
Application1
Application1
Os5
Os3
Os1
Os5

Nessus® Vulnerability Scanner

DateDescription
2019-01-03Name : The remote Fedora host is missing a security update.
File : fedora_2018-6744ca470d.nasl - Type : ACT_GATHER_INFO
2018-08-17Name : The remote PhotonOS host is missing multiple security updates.
File : PhotonOS_PHSA-2018-1_0-0126.nasl - Type : ACT_GATHER_INFO
2018-05-31Name : The remote Debian host is missing a security update.
File : debian_DLA-1389.nasl - Type : ACT_GATHER_INFO
2018-05-14Name : The remote Fedora host is missing a security update.
File : fedora_2018-e6d9251471.nasl - Type : ACT_GATHER_INFO
2018-05-04Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-1004.nasl - Type : ACT_GATHER_INFO
2018-04-06Name : The remote Fedora host is missing a security update.
File : fedora_2018-375e3244b6.nasl - Type : ACT_GATHER_INFO
2018-04-04Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4164.nasl - Type : ACT_GATHER_INFO
2018-03-30Name : The remote web server is affected by multiple vulnerabilities.
File : apache_2_4_30.nasl - Type : ACT_GATHER_INFO
2018-03-27Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_f38187e72f6e11e88f07b499baebfeaf.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/103515
CONFIRM https://httpd.apache.org/security/vulnerabilities_24.html
https://security.netapp.com/advisory/ntap-20180601-0004/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr...
DEBIAN https://www.debian.org/security/2018/dsa-4164
MLIST http://www.openwall.com/lists/oss-security/2018/03/24/2
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e8029...
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277...
https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html
REDHAT https://access.redhat.com/errata/RHSA-2018:3558
https://access.redhat.com/errata/RHSA-2019:0366
https://access.redhat.com/errata/RHSA-2019:0367
SECTRACK http://www.securitytracker.com/id/1040573
UBUNTU https://usn.ubuntu.com/3627-1/
https://usn.ubuntu.com/3627-2/
https://usn.ubuntu.com/3937-2/

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
DateInformations
2019-08-15 13:19:33
  • Multiple Updates
2019-04-22 21:19:16
  • Multiple Updates
2019-04-18 21:19:03
  • Multiple Updates
2019-04-10 21:19:20
  • Multiple Updates
2019-03-27 00:19:06
  • Multiple Updates
2019-02-19 17:19:05
  • Multiple Updates
2019-02-07 17:19:11
  • Multiple Updates
2018-11-13 17:19:24
  • Multiple Updates
2018-09-22 12:08:01
  • Multiple Updates
2018-06-03 09:19:44
  • Multiple Updates
2018-06-01 09:19:28
  • Multiple Updates
2018-05-02 09:19:26
  • Multiple Updates
2018-04-21 09:19:35
  • Multiple Updates
2018-04-20 21:19:51
  • Multiple Updates
2018-04-18 21:19:26
  • Multiple Updates
2018-04-05 09:19:43
  • Multiple Updates
2018-03-29 09:19:30
  • Multiple Updates
2018-03-28 12:09:06
  • Multiple Updates
2018-03-26 21:20:20
  • First insertion