CLD-481 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2018-8011 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) apache
Deficiency Type SECURITY
Date Created 2018-07-18 14:24:13
Date Last Modified 2018-07-18 14:26:33

Version Specific Information:

Cucumber 1.0 i686fixed in apache-2.4.34-i686-1
Cucumber 1.0 x86_64fixed in apache-2.4.34-x86_64-1

Cucumber 1.1 i686 fixed in apache-2.4.34-i686-1
Cucumber 1.1 x86_64 fixed in apache-2.4.34-x86_64-1

Details:

From osssec (oss-security@lists.openwall.org):

CVE-2018-8011: mod_md DoS via Coredumps on specially crafted requests

Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected:
httpd 2.4.33

Description:
By specially crafting HTTP requests, the mod_md challenge
handler would dereference a NULL pointer and cause the child
process to segfault. This could be used to DoS the server

Mitigation:
All httpd users should upgrade to 2.4.34 or later.

Credit:
The issue was discovered by Daniel Caminada

References:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011