CVE-2018-8011 (GCVE-0-2018-8011)

Vulnerability from cvelistv5 – Published: 2018-07-18 14:00 – Updated: 2024-09-16 22:30

Summary

Severity ?

No CVSS data available.

CWE

(undefined)

Assigner

apache

References

URL

Tags

	http://www.securitytracker.com/id/1041401	vdb-entryx_refsource_SECTRACK
	https://security.netapp.com/advisory/ntap-2018092…	x_refsource_CONFIRM
	https://httpd.apache.org/security/vulnerabilities…	x_refsource_CONFIRM
	https://lists.apache.org/thread.html/56c2e7cc9deb…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/84a3714f0878…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rd18c3c43602…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/re3d27b6250a…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rf6449464fd8…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r06f0d87ebb6…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rc998b18880d…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r03ee478b3dd…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rd2fb621142e…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r9f93cf6dde3…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/re473305a65b…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r76142b8c511…	mailing-listx_refsource_MLIST

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache HTTP Server	Affected: Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33)

Credits

The issue was discovered by Daniel Caminada <daniel.caminada@ergon.ch>.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:46:11.471Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1041401",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041401"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180926-0007/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache HTTP Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "The issue was discovered by Daniel Caminada \u003cdaniel.caminada@ergon.ch\u003e."
        }
      ],
      "datePublic": "2018-07-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://httpd.apache.org/security/impact_levels.html#moderate",
              "value": "moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "(undefined)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-06T10:11:20",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "1041401",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041401"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180926-0007/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011"
        },
        {
          "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
        }
      ],
      "title": "mod_md, DoS via Coredumps on specially crafted requests",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "DATE_PUBLIC": "2018-07-17",
          "ID": "CVE-2018-8011",
          "STATE": "PUBLIC",
          "TITLE": "mod_md, DoS via Coredumps on specially crafted requests"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache HTTP Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "The issue was discovered by Daniel Caminada \u003cdaniel.caminada@ergon.ch\u003e."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33)."
            }
          ]
        },
        "impact": [
          {
            "lang": "eng",
            "url": "https://httpd.apache.org/security/impact_levels.html#moderate",
            "value": "moderate"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "(undefined)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1041401",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041401"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180926-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180926-0007/"
            },
            {
              "name": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011",
              "refsource": "CONFIRM",
              "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011"
            },
            {
              "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2018-8011",
    "datePublished": "2018-07-18T14:00:00Z",
    "dateReserved": "2018-03-09T00:00:00",
    "dateUpdated": "2024-09-16T22:30:24.315Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"344A54D6-1120-4EFB-990D-2837562889A2\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C2089EE-5D7F-47EC-8EA5-0F69790564C4\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33).\"}, {\"lang\": \"es\", \"value\": \"Manipulando especialmente peticiones HTTP, el manipulador challenge mod_md desreferencia un puntero NULL y hace que el proceso hijo entre en segfault. Esto podr\\u00eda emplearse para provocar una denegaci\\u00f3n de servicio (DoS) en el servidor. Esto se ha solucionado en Apache HTTP Server 2.4.34 (2.4.33 afectada).\"}]",
      "id": "CVE-2018-8011",
      "lastModified": "2024-11-21T04:13:05.253",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-07-18T14:29:00.307",
      "references": "[{\"url\": \"http://www.securitytracker.com/id/1041401\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011\", \"source\": \"security@apache.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20180926-0007/\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1041401\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20180926-0007/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "security@apache.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-476\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-8011\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2018-07-18T14:29:00.307\",\"lastModified\":\"2024-11-21T04:13:05.253\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33).\"},{\"lang\":\"es\",\"value\":\"Manipulando especialmente peticiones HTTP, el manipulador challenge mod_md desreferencia un puntero NULL y hace que el proceso hijo entre en segfault. Esto podr\u00eda emplearse para provocar una denegaci\u00f3n de servicio (DoS) en el servidor. Esto se ha solucionado en Apache HTTP Server 2.4.34 (2.4.33 afectada).\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"344A54D6-1120-4EFB-990D-2837562889A2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C2089EE-5D7F-47EC-8EA5-0F69790564C4\"}]}]}],\"references\":[{\"url\":\"http://www.securitytracker.com/id/1041401\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20180926-0007/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1041401\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20180926-0007/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

CNVD-2022-09234

Vulnerability from cnvd - Published: 2022-02-09

Title

Apache HTTP Server mod_md拒绝服务漏洞

Description

Apache HTTP Server是美国阿帕奇（Apache）软件基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。 Apache HTTP Server 2.4.33版本中存在安全漏洞。攻击者可通过发送特制的HTTP请求利用该漏洞造成拒绝服务（空指针逆向引用和段错误）。

Severity

中

Patch Name

Apache HTTP Server mod_md拒绝服务漏洞的补丁

Patch Description

Apache HTTP Server是美国阿帕奇（Apache）软件基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。 Apache HTTP Server 2.4.33版本中存在安全漏洞。攻击者可通过发送特制的HTTP请求利用该漏洞造成拒绝服务（空指针逆向引用和段错误）。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-8011

Impacted products

Name
Apache Apache httpd 2.4.33

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-8011",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2018-8011"
    }
  },
  "description": "Apache HTTP Server\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90\u7f51\u9875\u670d\u52a1\u5668\u3002\u8be5\u670d\u52a1\u5668\u5177\u6709\u5feb\u901f\u3001\u53ef\u9760\u4e14\u53ef\u901a\u8fc7\u7b80\u5355\u7684API\u8fdb\u884c\u6269\u5145\u7684\u7279\u70b9\u3002\n\nApache HTTP Server 2.4.33\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684HTTP\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u7a7a\u6307\u9488\u9006\u5411\u5f15\u7528\u548c\u6bb5\u9519\u8bef\uff09\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-09234",
  "openTime": "2022-02-09",
  "patchDescription": "Apache HTTP Server\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90\u7f51\u9875\u670d\u52a1\u5668\u3002\u8be5\u670d\u52a1\u5668\u5177\u6709\u5feb\u901f\u3001\u53ef\u9760\u4e14\u53ef\u901a\u8fc7\u7b80\u5355\u7684API\u8fdb\u884c\u6269\u5145\u7684\u7279\u70b9\u3002\r\n\r\nApache HTTP Server 2.4.33\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684HTTP\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u7a7a\u6307\u9488\u9006\u5411\u5f15\u7528\u548c\u6bb5\u9519\u8bef\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache HTTP Server mod_md\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apache Apache httpd 2.4.33"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-8011",
  "serverity": "\u4e2d",
  "submitTime": "2022-01-10",
  "title": "Apache HTTP Server mod_md\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

SUSE-SU-2018:2424-1

Vulnerability from csaf_suse - Published: 2018-08-17 16:21 - Updated: 2018-08-17 16:21

Summary

Security update for apache2

Notes

Title of the patch

Security update for apache2

Description of the patch

This update for apache2 fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-1333: Fixed a worker exhaustion that could have lead to a denial of service via specially crafted HTTP/2 requests (bsc#1101689). - CVE-2018-8011: Fixed a null pointer dereference in mod_md, which could have lead to a denial of service via specially crafted HTTP requests (bsc#1101688). Note: We are currently not shipping this modules, since it is still considered experimental, but we might start to ship it with future releases.

Patchnames

SUSE-SLE-Module-Server-Applications-15-2018-1686

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for apache2",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for apache2 fixes the following issues:\n\nThe following security vulnerabilities were fixed:\n\n- CVE-2018-1333: Fixed a worker exhaustion that could have lead to a denial\n  of service via specially crafted HTTP/2 requests (bsc#1101689).\n- CVE-2018-8011: Fixed a null pointer dereference in mod_md, which could have\n  lead to a denial of service via specially crafted HTTP requests (bsc#1101688).\n  Note: We are currently not shipping this modules, since it is still considered\n  experimental, but we might start to ship it with future releases.\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-Module-Server-Applications-15-2018-1686",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2424-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2018:2424-1",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182424-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2018:2424-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-August/004472.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1101688",
        "url": "https://bugzilla.suse.com/1101688"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1101689",
        "url": "https://bugzilla.suse.com/1101689"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-1333 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-1333/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-8011 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-8011/"
      }
    ],
    "title": "Security update for apache2",
    "tracking": {
      "current_release_date": "2018-08-17T16:21:39Z",
      "generator": {
        "date": "2018-08-17T16:21:39Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2018:2424-1",
      "initial_release_date": "2018-08-17T16:21:39Z",
      "revision_history": [
        {
          "date": "2018-08-17T16:21:39Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "apache2-2.4.33-3.3.1.aarch64",
                "product": {
                  "name": "apache2-2.4.33-3.3.1.aarch64",
                  "product_id": "apache2-2.4.33-3.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-devel-2.4.33-3.3.1.aarch64",
                "product": {
                  "name": "apache2-devel-2.4.33-3.3.1.aarch64",
                  "product_id": "apache2-devel-2.4.33-3.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-prefork-2.4.33-3.3.1.aarch64",
                "product": {
                  "name": "apache2-prefork-2.4.33-3.3.1.aarch64",
                  "product_id": "apache2-prefork-2.4.33-3.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-utils-2.4.33-3.3.1.aarch64",
                "product": {
                  "name": "apache2-utils-2.4.33-3.3.1.aarch64",
                  "product_id": "apache2-utils-2.4.33-3.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-worker-2.4.33-3.3.1.aarch64",
                "product": {
                  "name": "apache2-worker-2.4.33-3.3.1.aarch64",
                  "product_id": "apache2-worker-2.4.33-3.3.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "apache2-doc-2.4.33-3.3.1.noarch",
                "product": {
                  "name": "apache2-doc-2.4.33-3.3.1.noarch",
                  "product_id": "apache2-doc-2.4.33-3.3.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "apache2-2.4.33-3.3.1.ppc64le",
                "product": {
                  "name": "apache2-2.4.33-3.3.1.ppc64le",
                  "product_id": "apache2-2.4.33-3.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-devel-2.4.33-3.3.1.ppc64le",
                "product": {
                  "name": "apache2-devel-2.4.33-3.3.1.ppc64le",
                  "product_id": "apache2-devel-2.4.33-3.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-prefork-2.4.33-3.3.1.ppc64le",
                "product": {
                  "name": "apache2-prefork-2.4.33-3.3.1.ppc64le",
                  "product_id": "apache2-prefork-2.4.33-3.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-utils-2.4.33-3.3.1.ppc64le",
                "product": {
                  "name": "apache2-utils-2.4.33-3.3.1.ppc64le",
                  "product_id": "apache2-utils-2.4.33-3.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-worker-2.4.33-3.3.1.ppc64le",
                "product": {
                  "name": "apache2-worker-2.4.33-3.3.1.ppc64le",
                  "product_id": "apache2-worker-2.4.33-3.3.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "apache2-2.4.33-3.3.1.s390x",
                "product": {
                  "name": "apache2-2.4.33-3.3.1.s390x",
                  "product_id": "apache2-2.4.33-3.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-devel-2.4.33-3.3.1.s390x",
                "product": {
                  "name": "apache2-devel-2.4.33-3.3.1.s390x",
                  "product_id": "apache2-devel-2.4.33-3.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-prefork-2.4.33-3.3.1.s390x",
                "product": {
                  "name": "apache2-prefork-2.4.33-3.3.1.s390x",
                  "product_id": "apache2-prefork-2.4.33-3.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-utils-2.4.33-3.3.1.s390x",
                "product": {
                  "name": "apache2-utils-2.4.33-3.3.1.s390x",
                  "product_id": "apache2-utils-2.4.33-3.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-worker-2.4.33-3.3.1.s390x",
                "product": {
                  "name": "apache2-worker-2.4.33-3.3.1.s390x",
                  "product_id": "apache2-worker-2.4.33-3.3.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "apache2-2.4.33-3.3.1.x86_64",
                "product": {
                  "name": "apache2-2.4.33-3.3.1.x86_64",
                  "product_id": "apache2-2.4.33-3.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-devel-2.4.33-3.3.1.x86_64",
                "product": {
                  "name": "apache2-devel-2.4.33-3.3.1.x86_64",
                  "product_id": "apache2-devel-2.4.33-3.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-prefork-2.4.33-3.3.1.x86_64",
                "product": {
                  "name": "apache2-prefork-2.4.33-3.3.1.x86_64",
                  "product_id": "apache2-prefork-2.4.33-3.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-utils-2.4.33-3.3.1.x86_64",
                "product": {
                  "name": "apache2-utils-2.4.33-3.3.1.x86_64",
                  "product_id": "apache2-utils-2.4.33-3.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "apache2-worker-2.4.33-3.3.1.x86_64",
                "product": {
                  "name": "apache2-worker-2.4.33-3.3.1.x86_64",
                  "product_id": "apache2-worker-2.4.33-3.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Server Applications 15",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Server Applications 15",
                  "product_id": "SUSE Linux Enterprise Module for Server Applications 15",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-server-applications:15"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-2.4.33-3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.3.1.aarch64"
        },
        "product_reference": "apache2-2.4.33-3.3.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-2.4.33-3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.3.1.ppc64le"
        },
        "product_reference": "apache2-2.4.33-3.3.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-2.4.33-3.3.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.3.1.s390x"
        },
        "product_reference": "apache2-2.4.33-3.3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-2.4.33-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.3.1.x86_64"
        },
        "product_reference": "apache2-2.4.33-3.3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-devel-2.4.33-3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.3.1.aarch64"
        },
        "product_reference": "apache2-devel-2.4.33-3.3.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-devel-2.4.33-3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.3.1.ppc64le"
        },
        "product_reference": "apache2-devel-2.4.33-3.3.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-devel-2.4.33-3.3.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.3.1.s390x"
        },
        "product_reference": "apache2-devel-2.4.33-3.3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-devel-2.4.33-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.3.1.x86_64"
        },
        "product_reference": "apache2-devel-2.4.33-3.3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-doc-2.4.33-3.3.1.noarch as component of SUSE Linux Enterprise Module for Server Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-doc-2.4.33-3.3.1.noarch"
        },
        "product_reference": "apache2-doc-2.4.33-3.3.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-prefork-2.4.33-3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.3.1.aarch64"
        },
        "product_reference": "apache2-prefork-2.4.33-3.3.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-prefork-2.4.33-3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.3.1.ppc64le"
        },
        "product_reference": "apache2-prefork-2.4.33-3.3.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-prefork-2.4.33-3.3.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.3.1.s390x"
        },
        "product_reference": "apache2-prefork-2.4.33-3.3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-prefork-2.4.33-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.3.1.x86_64"
        },
        "product_reference": "apache2-prefork-2.4.33-3.3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-utils-2.4.33-3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.3.1.aarch64"
        },
        "product_reference": "apache2-utils-2.4.33-3.3.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-utils-2.4.33-3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.3.1.ppc64le"
        },
        "product_reference": "apache2-utils-2.4.33-3.3.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-utils-2.4.33-3.3.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.3.1.s390x"
        },
        "product_reference": "apache2-utils-2.4.33-3.3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-utils-2.4.33-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.3.1.x86_64"
        },
        "product_reference": "apache2-utils-2.4.33-3.3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-worker-2.4.33-3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.3.1.aarch64"
        },
        "product_reference": "apache2-worker-2.4.33-3.3.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-worker-2.4.33-3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.3.1.ppc64le"
        },
        "product_reference": "apache2-worker-2.4.33-3.3.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-worker-2.4.33-3.3.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.3.1.s390x"
        },
        "product_reference": "apache2-worker-2.4.33-3.3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-worker-2.4.33-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.3.1.x86_64"
        },
        "product_reference": "apache2-worker-2.4.33-3.3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-1333",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-1333"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.3.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.3.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.3.1.s390x",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.3.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.3.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.3.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.3.1.s390x",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.3.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-doc-2.4.33-3.3.1.noarch",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.3.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.3.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.3.1.s390x",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.3.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.3.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.3.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.3.1.s390x",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.3.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.3.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.3.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.3.1.s390x",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-1333",
          "url": "https://www.suse.com/security/cve/CVE-2018-1333"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101689 for CVE-2018-1333",
          "url": "https://bugzilla.suse.com/1101689"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.3.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.3.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-doc-2.4.33-3.3.1.noarch",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.3.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.3.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.3.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.3.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.3.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-doc-2.4.33-3.3.1.noarch",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.3.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.3.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.3.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-08-17T16:21:39Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-1333"
    },
    {
      "cve": "CVE-2018-8011",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-8011"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.3.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.3.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.3.1.s390x",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.3.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.3.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.3.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.3.1.s390x",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.3.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-doc-2.4.33-3.3.1.noarch",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.3.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.3.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.3.1.s390x",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.3.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.3.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.3.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.3.1.s390x",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.3.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.3.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.3.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.3.1.s390x",
          "SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-8011",
          "url": "https://www.suse.com/security/cve/CVE-2018-8011"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101688 for CVE-2018-8011",
          "url": "https://bugzilla.suse.com/1101688"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.3.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.3.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-doc-2.4.33-3.3.1.noarch",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.3.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.3.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.3.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.3.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.3.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-doc-2.4.33-3.3.1.noarch",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.3.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.3.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.3.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-08-17T16:21:39Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-8011"
    }
  ]
}

VAR-201807-2071

Vulnerability from variot - Updated: 2023-12-18 10:44

By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33). The server is fast, reliable and extensible through a simple API. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

[slackware-security] httpd (SSA:2018-199-01)

New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/httpd-2.4.34-i586-1_slack14.2.txz: Upgraded. This update fixes two denial of service issues: mod_md: DoS via Coredumps on specially crafted requests mod_http2: DoS for HTTP/2 connections by specially crafted requests For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8011 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1333 ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/httpd-2.4.34-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/httpd-2.4.34-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/httpd-2.4.34-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/httpd-2.4.34-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/httpd-2.4.34-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/httpd-2.4.34-x86_64-1_slack14.2.txz

Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.34-i586-1.txz

Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.34-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 14.0 package: 91123a66731b7803ebac0f55e3099e81 httpd-2.4.34-i486-1_slack14.0.txz

Slackware x86_64 14.0 package: 49c0a8ae83d724da460b73a78ddf1dda httpd-2.4.34-x86_64-1_slack14.0.txz

Slackware 14.1 package: d695afcd996b00f7dbe00c89bf1c0ee1 httpd-2.4.34-i486-1_slack14.1.txz

Slackware x86_64 14.1 package: 8ebc97729250d80d319174ff64ca2921 httpd-2.4.34-x86_64-1_slack14.1.txz

Slackware 14.2 package: 149a610e5280fcfbbe1066fa9cfeb970 httpd-2.4.34-i586-1_slack14.2.txz

Slackware x86_64 14.2 package: 7a35ce525340631b74e8ffe9e58f2b4c httpd-2.4.34-x86_64-1_slack14.2.txz

Slackware -current package: d95348a370dd9c2edc92c6f2274b8ce2 n/httpd-2.4.34-i586-1.txz

Slackware x86_64 -current package: daea307cb655b015c4bafcbec6ba9869 n/httpd-2.4.34-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the package as root:

upgradepkg httpd-2.4.34-i586-1_slack14.2.txz

Then, restart Apache httpd:

/etc/rc.d/rc.httpd stop

/etc/rc.d/rc.httpd start

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAltPwl8ACgkQakRjwEAQIjM2gACdFx/ujiL+fhuVlaiEFb30V3G4 a2EAn3DP5XwN0g9OQlrQ+shbkmVYyFHh =zaoO -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201807-2071",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "http server",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "apache",
        "version": "2.4.33"
      },
      {
        "model": "cloud backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "httpd",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.4.33"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-09234"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008181"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8011"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1324"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-8011"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Slackware Security Team",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "148615"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2018-8011",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-8011",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2022-09234",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-8011",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-8011",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2022-09234",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201807-1324",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-8011",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-09234"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-8011"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008181"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8011"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1324"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33). The server is fast, reliable and extensible through a simple API. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security]  httpd (SSA:2018-199-01)\n\nNew httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current\nto fix security issues. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/httpd-2.4.34-i586-1_slack14.2.txz:  Upgraded. \n  This update fixes two denial of service issues:\n  mod_md: DoS via Coredumps on specially crafted requests\n  mod_http2: DoS for HTTP/2 connections by specially crafted requests\n  For more information, see:\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8011\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1333\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/httpd-2.4.34-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/httpd-2.4.34-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/httpd-2.4.34-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/httpd-2.4.34-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/httpd-2.4.34-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/httpd-2.4.34-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.34-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.34-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n91123a66731b7803ebac0f55e3099e81  httpd-2.4.34-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n49c0a8ae83d724da460b73a78ddf1dda  httpd-2.4.34-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nd695afcd996b00f7dbe00c89bf1c0ee1  httpd-2.4.34-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n8ebc97729250d80d319174ff64ca2921  httpd-2.4.34-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n149a610e5280fcfbbe1066fa9cfeb970  httpd-2.4.34-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n7a35ce525340631b74e8ffe9e58f2b4c  httpd-2.4.34-x86_64-1_slack14.2.txz\n\nSlackware -current package:\nd95348a370dd9c2edc92c6f2274b8ce2  n/httpd-2.4.34-i586-1.txz\n\nSlackware x86_64 -current package:\ndaea307cb655b015c4bafcbec6ba9869  n/httpd-2.4.34-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg httpd-2.4.34-i586-1_slack14.2.txz\n\nThen, restart Apache httpd:\n\n# /etc/rc.d/rc.httpd stop\n# /etc/rc.d/rc.httpd start\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address.      |\n+------------------------------------------------------------------------+\n-----BEGIN PGP SIGNATURE-----\n\niEYEARECAAYFAltPwl8ACgkQakRjwEAQIjM2gACdFx/ujiL+fhuVlaiEFb30V3G4\na2EAn3DP5XwN0g9OQlrQ+shbkmVYyFHh\n=zaoO\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-8011"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008181"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-09234"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-8011"
      },
      {
        "db": "PACKETSTORM",
        "id": "148615"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-8011",
        "trust": 3.2
      },
      {
        "db": "SECTRACK",
        "id": "1041401",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008181",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-09234",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4295",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1324",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-8011",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148615",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-09234"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-8011"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008181"
      },
      {
        "db": "PACKETSTORM",
        "id": "148615"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8011"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1324"
      }
    ]
  },
  "id": "VAR-201807-2071",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-09234"
      }
    ],
    "trust": 0.9333333399999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-09234"
      }
    ]
  },
  "last_update_date": "2023-12-18T10:44:18.900000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "moderate: mod_md, DoS via Coredumps on specially crafted requests (CVE-2018-8011)",
        "trust": 0.8,
        "url": "https://httpd.apache.org/security/vulnerabilities_24.html#cve-2018-8011"
      },
      {
        "title": "Patch for Apache HTTP Server mod_md Denial of Service Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/318211"
      },
      {
        "title": "Apache HTTP Server Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=84107"
      },
      {
        "title": "Debian CVElist Bug Report Logs: apache2: CVE-2018-1333: DoS for HTTP/2 connections by crafted requests",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=6b0c6c19aa8bba59bec7bdb98a8dde6d"
      },
      {
        "title": "Debian CVElist Bug Report Logs: apache2: CVE-2018-8011: mod_md, DoS via Coredumps on specially crafted requests",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=9de45dc43deffd8b5a3e92a4095764b5"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2018-1062",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2018-1062"
      },
      {
        "title": "Red Hat: CVE-2018-8011",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-8011"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2018-8011"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201807-12] apache: denial of service",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201807-12"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2018-1062",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2018-1062"
      },
      {
        "title": "Symantec Security Advisories: Apache HTTP Server Vulnerabilities Jul 2017 - Sep 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=d2f801f4ee4b743c8db2cea35625dd16"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=586e6062440cdd312211d748e028164e"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-09234"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-8011"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008181"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1324"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-476",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008181"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8011"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1041401"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20180926-0007/"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8011"
      },
      {
        "trust": 1.1,
        "url": "https://httpd.apache.org/security/vulnerabilities_24.html#cve-2018-8011"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 0.9,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8011"
      },
      {
        "trust": 0.6,
        "url": "httpd.apache.org%3e"
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "httpd.apache.org/security/vulnerabilities_24.html#cve-2018-8011"
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4295/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/476.html"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=58444"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1333"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1333"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-09234"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-8011"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008181"
      },
      {
        "db": "PACKETSTORM",
        "id": "148615"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8011"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1324"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-09234"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-8011"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008181"
      },
      {
        "db": "PACKETSTORM",
        "id": "148615"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8011"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1324"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-02-09T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-09234"
      },
      {
        "date": "2018-07-18T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-8011"
      },
      {
        "date": "2018-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-008181"
      },
      {
        "date": "2018-07-19T15:52:29",
        "db": "PACKETSTORM",
        "id": "148615"
      },
      {
        "date": "2018-07-18T14:29:00.307000",
        "db": "NVD",
        "id": "CVE-2018-8011"
      },
      {
        "date": "2018-07-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-1324"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-02-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-09234"
      },
      {
        "date": "2021-06-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-8011"
      },
      {
        "date": "2018-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-008181"
      },
      {
        "date": "2023-11-07T03:01:20.857000",
        "db": "NVD",
        "id": "CVE-2018-8011"
      },
      {
        "date": "2021-06-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-1324"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1324"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache HTTP Server In  NULL Pointer dereference vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008181"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1324"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2018-8011

Vulnerability from fkie_nvd - Published: 2018-07-18 14:29 - Updated: 2024-11-21 04:13

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
security@apache.org	http://www.securitytracker.com/id/1041401	Third Party Advisory, VDB Entry
security@apache.org	https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011	Vendor Advisory
security@apache.org	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://security.netapp.com/advisory/ntap-20180926-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1041401	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20180926-0007/	Third Party Advisory

Impacted products

	Vendor	Product	Version
	apache	http_server	2.4.33
	netapp	cloud_backup	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "344A54D6-1120-4EFB-990D-2837562889A2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33)."
    },
    {
      "lang": "es",
      "value": "Manipulando especialmente peticiones HTTP, el manipulador challenge mod_md desreferencia un puntero NULL y hace que el proceso hijo entre en segfault. Esto podr\u00eda emplearse para provocar una denegaci\u00f3n de servicio (DoS) en el servidor. Esto se ha solucionado en Apache HTTP Server 2.4.34 (2.4.33 afectada)."
    }
  ],
  "id": "CVE-2018-8011",
  "lastModified": "2024-11-21T04:13:05.253",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-18T14:29:00.307",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041401"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180926-0007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041401"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180926-0007/"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2018-8011

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-8011

Aliases

CVE-2018-8011

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-8011",
    "description": "By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33).",
    "id": "GSD-2018-8011",
    "references": [
      "https://www.suse.com/security/cve/CVE-2018-8011.html",
      "https://security.archlinux.org/CVE-2018-8011",
      "https://alas.aws.amazon.com/cve/html/CVE-2018-8011.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-8011"
      ],
      "details": "By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33).",
      "id": "GSD-2018-8011",
      "modified": "2023-12-13T01:22:34.061337Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "DATE_PUBLIC": "2018-07-17",
        "ID": "CVE-2018-8011",
        "STATE": "PUBLIC",
        "TITLE": "mod_md, DoS via Coredumps on specially crafted requests"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache HTTP Server",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apache Software Foundation"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "The issue was discovered by Daniel Caminada \u003cdaniel.caminada@ergon.ch\u003e."
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33)."
          }
        ]
      },
      "impact": [
        {
          "lang": "eng",
          "url": "https://httpd.apache.org/security/impact_levels.html#moderate",
          "value": "moderate"
        }
      ],
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "(undefined)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1041401",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1041401"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20180926-0007/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20180926-0007/"
          },
          {
            "name": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011",
            "refsource": "CONFIRM",
            "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2018-8011"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-476"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011"
            },
            {
              "name": "1041401",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1041401"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180926-0007/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20180926-0007/"
            },
            {
              "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-06-06T11:15Z",
      "publishedDate": "2018-07-18T14:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-8011 (GCVE-0-2018-8011)

CNVD-2022-09234

SUSE-SU-2018:2424-1

VAR-201807-2071

upgradepkg httpd-2.4.34-i586-1_slack14.2.txz

/etc/rc.d/rc.httpd stop

/etc/rc.d/rc.httpd start

FKIE_CVE-2018-8011

GSD-2018-8011

Tags

Sightings

Nomenclature