CVE-2018-1283

Published: 26 Mar 2018
Source: ubuntu
Priority: low
EPSS: Low
CVSS2: 3.5
CVSS3: 5.3

Description

In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications.

| Release | Status | Note |
|---|---|---|
| artful | released | 2.4.27-2ubuntu4.1 |
| bionic | released | 2.4.29-1ubuntu4.1 |
| devel | released | 2.4.29-1ubuntu4.1 |
| esm-infra-legacy/trusty | not-affected | 2.4.7-1ubuntu4.20 |
| esm-infra/bionic | not-affected | 2.4.29-1ubuntu4.1 |
| esm-infra/xenial | not-affected | 2.4.18-2ubuntu3.8 |
| precise/esm | not-affected | |
| trusty | released | 2.4.7-1ubuntu4.20 |
| trusty/esm | not-affected | 2.4.7-1ubuntu4.20 |
| upstream | released | 2.4.30 |

EPSS: 0.05646 (percentile: 90%), Low
CVSS2: 3.5 Low
CVSS3: 5.3 Medium

Related vulnerabilities

CVSS3: 4.8
redhat
about 7 years ago

In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications.

CVSS3: 5.3
nvd
about 7 years ago

In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications.

CVSS3: 5.3
debian
about 7 years ago

In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to for ...

CVSS3: 5.3
github
about 3 years ago

In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications.

CVSS3: 4.3
fstec
about 7 years ago

Vulnerability in the mod_session module of the Apache HTTP Server web server that allows an attacker to affect the integrity of protected data
