apache2: Multiple vulnerabilities (CVE-2018-1333, CVE-2018-8011)
CVE-2018-1333: DoS for HTTP/2 connections by crafted requests
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service.
Fixed In Version:
Apache HTTP Server 2.4.34
References:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333
http://www.openwall.com/lists/oss-security/2018/07/18/1
CVE-2018-8011: mod_md, DoS via Coredumps on specially crafted requests
By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server.
Fixed In Version:
Apache HTTP Server 2.4.34
References:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011
http://www.openwall.com/lists/oss-security/2018/07/18/2
(from redmine: issue id 9263, created on 2018-08-17, closed on 2018-08-20)
- Relations:
- copied_to #9264 (closed)
- copied_to #9265 (closed)
- copied_to #9266 (closed)
- copied_to #9267 (closed)
- child #9264 (closed)
- child #9265 (closed)
- child #9266 (closed)
- child #9267 (closed)
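
A triage check for the two issues above, as an added example that is not part of the original issue or of the Apache project: it flags a server for review when its reported version is below the fixed version 2.4.34 and the relevant module is loaded. The function names and the sample output are constructed for illustration; http2_module and md_module are the module identifiers of mod_http2 and mod_md.

```sh
#!/bin/sh
# Added example (not from the original issue): flag which of the two CVEs
# need review, given `httpd -v` and `httpd -M` style output as text.
FIXED="2.4.34"   # fixed version stated in the issue

# Extract X.Y.Z from a "Server version: Apache/X.Y.Z (...)" line.
parse_version() {
    printf '%s\n' "$1" |
        sed -n 's#^Server version: Apache/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*#\1#p' |
        head -n 1
}

# Succeed if version $1 is numerically lower than $2 (so 2.4.9 < 2.4.34).
version_lt() {
    for i in 1 2 3; do
        x=$(printf '%s' "$1" | cut -d. -f"$i")
        y=$(printf '%s' "$2" | cut -d. -f"$i")
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1
}

# Succeed if module $2 appears in the module listing $1.
has_module() {
    printf '%s\n' "$1" | grep -Eq "^[[:space:]]*$2[[:space:]]"
}

# Print the CVE ids to review, one per line; nothing if fixed or unaffected.
triage() {
    ver=$(parse_version "$1")
    if [ -z "$ver" ]; then echo "version-unknown"; return 0; fi
    if ! version_lt "$ver" "$FIXED"; then return 0; fi
    if has_module "$2" http2_module; then echo "CVE-2018-1333"; fi
    if has_module "$2" md_module; then echo "CVE-2018-8011"; fi
}

# Constructed sample input, so the script runs offline.
SAMPLE_V='Server version: Apache/2.4.33 (Unix)
Server built:   Mar 27 2018 11:32:10'
SAMPLE_M='Loaded Modules:
 core_module (static)
 http2_module (shared)
 md_module (shared)'
triage "$SAMPLE_V" "$SAMPLE_M"
```

On a live host the same function can be fed real output, for example `triage "$(httpd -v)" "$(httpd -M 2>/dev/null)"`. A distribution package may carry backported fixes under an older version string, so a hit is a prompt to check the package changelog rather than proof of exposure.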