Описание
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | httpd | Will not fix | ||
| Red Hat Enterprise Linux 6 | httpd | Fix deferred | ||
| Red Hat Enterprise Linux 8 | httpd | Not affected | ||
| Red Hat JBoss Enterprise Web Server 2 | httpd | Will not fix | ||
| Red Hat JBoss Web Server 3 | httpd | Not affected | ||
| Red Hat Mobile Application Platform 4 | rhmap-httpd-docker | Will not fix | ||
| JBoss Core Services on RHEL 6 | jbcs-httpd24 | Fixed | RHSA-2019:0367 | 18.02.2019 |
| JBoss Core Services on RHEL 6 | jbcs-httpd24-apache-commons-daemon-jsvc | Fixed | RHSA-2019:0367 | 18.02.2019 |
| JBoss Core Services on RHEL 6 | jbcs-httpd24-apr | Fixed | RHSA-2019:0367 | 18.02.2019 |
| JBoss Core Services on RHEL 6 | jbcs-httpd24-apr-util | Fixed | RHSA-2019:0367 | 18.02.2019 |
Показывать по
Дополнительная информация
Статус:
3.7 Low
CVSS3
Связанные уязвимости
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.
A specially crafted request could have crashed the Apache HTTP Server ...
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.
Уязвимость веб-сервера Apache HTTP Server, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании
3.7 Low
CVSS3