CVE-2018-1303

Publication date 26 March 2018

Last updated 24 July 2024

Ubuntu priority

Cvss 3 Severity Score

A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
apache2	18.04 LTS bionic	Fixed 2.4.29-1ubuntu4.1
	17.10 artful	Fixed 2.4.27-2ubuntu4.1
	16.04 LTS xenial	Fixed 2.4.18-2ubuntu3.8
	14.04 LTS trusty	Fixed 2.4.7-1ubuntu4.20

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
apache2	Upstream: https://svn.apache.org/viewvc?view=revision&revision=1824343 Upstream: https://svn.apache.org/viewvc?view=revision&revision=1824475

Severity score breakdown

Parameter	Value
Base score	7.5 · High
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2018-1303

Cvss 3 Severity Score

Status

Patch details

Severity score breakdown

References

Related Ubuntu Security Notices (USN)

Other references