Описание
By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33).
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| apache2 | fixed | 2.4.34-1 | package | |
| apache2 | not-affected | stretch | package | |
| apache2 | not-affected | jessie | package |
Примечания
https://www.openwall.com/lists/oss-security/2018/07/18/2
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011
EPSS
Связанные уязвимости
By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33).
By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33).
By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33).
Уязвимость обработчика задач mod_md веб-сервера Apache HTTP Server, позволяющая нарушителю вызвать отказ в обслуживании
EPSS