|
|
|||
| Rule General Information |
|---|
| Release Date: | 2020-04-29 | |
| Rule Name: | Apache httpd mod_md Null Pointer Dereference Vulnerability (CVE-2018-8011) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33). | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows, Linux | |
| Reference: | SecurityTrackerID:1041401 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011 https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011 |