Project

General

Profile

Bug #9264

Bug #9263: apache2: Multiple vulnerabilities (CVE-2018-1333, CVE-2018-8011)

[3.8] apache2: Multiple vulnerabilities (CVE-2018-1333, CVE-2018-8011)

Added by Alicha CH 8 months ago. Updated 8 months ago.

Status:
Closed
Priority:
Normal
Category:
Security
Target version:
Start date:
08/17/2018
Due date:
% Done:

100%

Estimated time:
Affected versions:
Security IDs:

Description

CVE-2018-1333: DoS for HTTP/2 connections by crafted requests

By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary,
leading to worker exhaustion and a denial of service.

Fixed In Version:

Apache HTTP Server 2.4.34

References:

https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333
http://www.openwall.com/lists/oss-security/2018/07/18/1

CVE-2018-8011: mod_md, DoS via Coredumps on specially crafted requests

By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer
and cause the child process to segfault. This could be used to DoS the server.

Fixed In Version:

Apache HTTP Server 2.4.34

Reference:

https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011
http://www.openwall.com/lists/oss-security/2018/07/18/2


Related issues

Copied from Alpine Linux - Bug #9263: apache2: Multiple vulnerabilities (CVE-2018-1333, CVE-2018-8011)Closed08/17/2018

Associated revisions

Revision d0eedffb (diff)
Added by Andy Postnikov 8 months ago

main/apache2: security upgrade to 2.4.34

fixes #9264

History

#1 Updated by Alicha CH 8 months ago

  • Copied from Bug #9263: apache2: Multiple vulnerabilities (CVE-2018-1333, CVE-2018-8011) added

#2 Updated by Andy Postnikov 8 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#3 Updated by Alicha CH 8 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
  • Security IDs deleted (CVE-2018-1333, CVE-2018-8011)

Also available in: Atom PDF