What Are You Looking For?

Sign Up
Arch Linux Security Advisory ASA-201807-12
=========================================
Severity: Medium
Date    : 2018-07-20
CVE-ID  : CVE-2018-1333 CVE-2018-8011
Package : apache
Type    : denial of service
Remote  : Yes
Link    : https://security.archlinux.org/AVG-736

Summary
======
The package apache before version 2.4.34-1 is vulnerable to denial of
service.

Resolution
=========
Upgrade to 2.4.34-1.

# pacman -Syu "apache>=2.4.34-1"

The problems have been fixed upstream in version 2.4.34.

Workaround
=========
None.

Description
==========
- CVE-2018-1333 (denial of service)

By specially crafting HTTP/2 requests, workers would be allocated 60
seconds longer than necessary, leading to worker exhaustion and a
denial of service.

- CVE-2018-8011 (denial of service)

By specially crafting HTTP requests, the mod_md challenge handler would
dereference a NULL pointer and cause the child process to segfault.
This could be used to DoS the server.

Impact
=====
A remote attacker is able to cause a denial of service via a crafted
HTTP request.

References
=========
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011
https://security.archlinux.org/CVE-2018-1333
https://security.archlinux.org/CVE-2018-8011

ArchLinux: 201807-12: apache: denial of service

July 21, 2018

Summary

- CVE-2018-1333 (denial of service) By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service.
- CVE-2018-8011 (denial of service)
By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server.

Resolution

Upgrade to 2.4.34-1. # pacman -Syu "apache>=2.4.34-1"
The problems have been fixed upstream in version 2.4.34.

References

https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011 https://security.archlinux.org/CVE-2018-1333 https://security.archlinux.org/CVE-2018-8011

Severity
Package : apache
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-736

Workaround

None.

Related News

Linux version of Qilin ransomware focuses on VMware ESXi

Dec 4, 2023

Kali Linux 2023.4 Released With New Hacking Tools

Dec 6, 2023

Linus Torvalds on the State of Linux Today and How AI Figures in Its Future

Dec 6, 2023

How Meta Patches Linux at Hyperscale

Dec 2, 2023

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

Footer Logo