SecurityTracker.com
Category:   Application (Web Server/CGI)  >   Apache HTTPD
Vendors:   Apache Software Foundation
Apache HTTPD Out-of-bounds Memory Read Error in mod_cache_socache Lets Remote Users Cause the Target Service to Crash
SecurityTracker Alert ID:  1040572
SecurityTracker URL:  http://securitytracker.com/id/1040572
CVE Reference:   CVE-2018-1303
Date:  Mar 26 2018
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 2.4.5 to 2.4.29
Description:   A vulnerability was reported in Apache HTTPD mod_cache_socache. A remote user can cause the target service to crash.

A remote user can send a specially crafted HTTP request header to trigger an out-of-bounds memory read error in mod_cache_socache and cause the target service to crash.

Robert Swiecki reported this vulnerability.

Impact:   A remote user can cause the target service to crash.
Solution:   The vendor has issued a fix (2.4.30).

The vendor advisory is available at:

http://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1303

Vendor URL:  httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1303
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  CVE-2018-1303: Possible out of bound read in mod_cache_socache


CVE-2018-1303: Possible out of bound read in mod_cache_socache

Severity: Low

Vendor: The Apache Software Foundation

Versions Affected:
httpd 2.4.5 to 2.4.29

Description:
A specially crafted HTTP request header could have crashed the Apache HTTP
Server prior to version 2.4.30 due to an out of bound read while preparing data
to be cached in shared memory. It could be used as a Denial of Service attack
against users of mod_cache_socache.

Mitigation:
All httpd users should upgrade to 2.4.30 or later.

Credit:
The issue was discovered by Robert Swiecki, bug found by honggfuzz

References:
https://httpd.apache.org/security/vulnerabilities_24.html
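
As an added example (not part of the SecurityTracker entry or the vendor message), the following shell functions triage a host against the affected range and module named above, using the text of `httpd -v` and `httpd -M`. The function names, verdict strings and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: CVE-2018-1303 exposure triage from `httpd -v` / `httpd -M` text.
# Function names, verdict strings and the sample inputs below are constructed.

# Print the upstream version (e.g. 2.4.29) found in `httpd -v` output.
httpd_version() {
    printf '%s\n' "$1" |
        sed -n 's|^Server version: Apache/\([0-9][0-9.]*\).*|\1|p' | head -n 1
}

# Return 0 if the version lies in the advisory's affected range 2.4.5 to 2.4.29.
version_affected() {
    case "$1" in
        2.4.*) patch=${1#2.4.} ;;
        *) return 1 ;;
    esac
    case "$patch" in
        ''|*[!0-9]*) return 1 ;;   # reject empty or non-numeric patch levels
    esac
    [ "$patch" -ge 5 ] && [ "$patch" -le 29 ]
}

# Return 0 if the module list shows mod_cache_socache loaded
# (it registers as cache_socache_module; cache_module alone does not count).
socache_loaded() {
    printf '%s\n' "$1" | grep -q '^[[:space:]]*cache_socache_module[[:space:]]'
}

# Combine both checks into one verdict string.
assess() {
    ver=$(httpd_version "$1")
    if [ -z "$ver" ]; then echo UNKNOWN
    elif ! version_affected "$ver"; then echo NOT_AFFECTED_VERSION
    elif socache_loaded "$2"; then echo EXPOSED
    else echo AFFECTED_VERSION_MODULE_NOT_LOADED
    fi
}

# Constructed sample outputs; on a live host use:
#   assess "$(httpd -v)" "$(httpd -M 2>/dev/null)"
SAMPLE_V='Server version: Apache/2.4.29 (Unix)
Server built:   Jan  1 2018 00:00:00'
SAMPLE_M='Loaded Modules:
 core_module (static)
 cache_module (shared)
 cache_socache_module (shared)'
assess "$SAMPLE_V" "$SAMPLE_M"
```

A matching version string is a prompt to check the package changelog, since distribution packages can backport the fix without changing the upstream version number.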
Copyright 2019, SecurityGlobal.net LLC