CVE-2018-1303 (retired)

Priority
Description
A specially crafted HTTP request header could have crashed the Apache HTTP
Server prior to version 2.4.30 due to an out of bound read while preparing
data to be cached in shared memory. It could be used as a Denial of Service
attack against users of mod_cache_socache. The vulnerability is considered
as low risk since mod_cache_socache is not widely used, mod_cache_disk is
not concerned by this vulnerability.
Assigned-to
mdeslaur
Package
Upstream:released (2.4.30)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected
Ubuntu 16.04 LTS (Xenial Xerus):released (2.4.18-2ubuntu3.8)
Ubuntu 18.04 LTS (Bionic Beaver):released (2.4.29-1ubuntu4.1)
Patches:
Upstream:https://svn.apache.org/viewvc?view=revision&revision=1824343
Upstream:https://svn.apache.org/viewvc?view=revision&revision=1824475 (2.4)
More Information

Updated: 2019-09-19 16:05:36 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)