Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-1302

Опубликовано: 26 мар. 2018
Источник: nvd
CVSS3: 5.9
CVSS2: 4.3
EPSS Средний

Описание

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
Версия до 2.4.29 (включая)
Конфигурация 2
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*

EPSS

Процентиль: 93%
0.11001
Средний

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-476

Связанные уязвимости

ubuntu логотип

CVE-2018-1302

CVSS3: 5.9
ubuntu
почти 8 лет назад

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.

redhat логотип

CVE-2018-1302

CVSS3: 5.9
redhat
почти 8 лет назад

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.

debian логотип

CVE-2018-1302

CVSS3: 5.9
debian
почти 8 лет назад

When an HTTP/2 stream was destroyed after being handled, the Apache HT ...

github логотип

GHSA-x452-9h59-82pg

CVSS3: 5.9
github
больше 3 лет назад

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.

fstec логотип

BDU:2021-01454

CVSS3: 5.3
fstec
почти 8 лет назад

Уязвимость потока HTTP/2 веб-сервера Apache HTTP Server, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 93%
0.11001
Средний

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-476