CVE-2018-1301 (retired)

Priority
Description
A specially crafted request could have crashed the Apache HTTP Server prior
to version 2.4.30, due to an out of bound access after a size limit is
reached by reading the HTTP header. This vulnerability is considered very
hard if not impossible to trigger in non-debug mode (both log and build
level), so it is classified as low risk for common server usage.
Assigned-to
mdeslaur
Package
Upstream:released (2.4.30)
Ubuntu 12.04 ESM (Precise Pangolin):released (2.2.22-1ubuntu1.15)
Ubuntu 14.04 LTS (Trusty Tahr):released (2.4.7-1ubuntu4.20)
Ubuntu 16.04 LTS (Xenial Xerus):released (2.4.18-2ubuntu3.8)
Ubuntu 18.04 LTS (Bionic Beaver):released (2.4.29-1ubuntu4.1)
Ubuntu 18.10 (Cosmic Cuttlefish):released (2.4.29-1ubuntu4.1)
Ubuntu 19.04 (Disco Dingo):released (2.4.29-1ubuntu4.1)
Patches:
Upstream:https://svn.apache.org/viewvc?view=revision&revision=1824303
Upstream:https://svn.apache.org/viewvc?view=revision&revision=1824469 (2.4)
More Information

Updated: 2019-04-10 16:14:54 UTC (commit 41fee6f62761536032ac94317096b0087233fcfa)