|
|||
Rule General Information |
---|
Release Date: | 2020-04-29 | |
Rule Name: | Apache httpd mod_md Null Pointer Dereference Vulnerability (CVE-2018-8011) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33). | |
Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
Affected OS: | Windows, Linux | |
Reference: | SecurityTrackerID:1041401 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011 https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E |
|
Solutions |
---|
The vendors have released upgrade patches to fix vulnerabilities, please visit: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011 |