CVE-2018-1302

Published: 21 Mar 2018
Source: redhat
CVSS3: 5.9
EPSS: Low

Description

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | httpd | Not affected | | |
| Red Hat Enterprise Linux 6 | httpd | Not affected | | |
| Red Hat Enterprise Linux 7 | httpd | Not affected | | |
| Red Hat Enterprise Linux 8 | httpd | Not affected | | |
| Red Hat Enterprise Linux 8 | mod_http2 | Will not fix | | |
| Red Hat JBoss Enterprise Web Server 2 | httpd | Not affected | | |
| Red Hat JBoss Web Server 3 | httpd | Not affected | | |
| Red Hat Mobile Application Platform 4 | rhmap-httpd-docker | Not affected | | |
| Red Hat Software Collections | httpd24-httpd | Not affected | | |
| JBoss Core Services on RHEL 6 | jbcs-httpd24 | Fixed | RHSA-2019:0367 | 18.02.2019 |


Additional information

Status: Low
Defect: CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=1560625 httpd: Use-after-free on HTTP/2 stream shutdown

EPSS

Percentile: 84%
0.02074
Low

5.9 Medium

CVSS3

Related vulnerabilities

CVSS3: 5.9
ubuntu
almost 8 years ago

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.

CVSS3: 5.9
nvd
almost 8 years ago

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.

CVSS3: 5.9
debian
almost 8 years ago

When an HTTP/2 stream was destroyed after being handled, the Apache HT ...

CVSS3: 5.9
github
more than 3 years ago

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.

CVSS3: 5.3
fstec
almost 8 years ago

A vulnerability in the HTTP/2 stream handling of the Apache HTTP Server web server, related to pointer dereference errors, that allows an attacker to cause a denial of service
