CVE-2018-1302
httpd: Use-after-free on HTTP/2 stream shutdown
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.
Cuando un flujo de datos o stream HTTP/2 se destruye después de haber sido manipulado, el servidor Apache HTTP en versiones anteriores a la 2.4.30 podría escribir un puntero NULL en una memoria ya liberada. Los bloques de memoria mantenidos por el servidor hacen que sea difícil que esta vulnerabilidad tenga lugar en configuraciones normales, el informador y el equipo no podían reproducirla fuera de builds de depuración, por lo que se clasifica como de riesgo bajo.
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.29 Service Pack 1 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes for CVEs which are linked to in the References section. Issues addressed include bypass, denial of service, null pointer, out of bounds write, traversal, and use-after-free vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-12-07 CVE Reserved
- 2018-03-26 CVE Published
- 2024-09-17 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-476: NULL Pointer Dereference
CAPEC
References (25)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2019:0366 | 2023-11-07 | |
| https://access.redhat.com/errata/RHSA-2019:0367 | 2023-11-07 | |
| https://httpd.apache.org/security/vulnerabilities_24.html | 2023-11-07 | |
| https://usn.ubuntu.com/3783-1 | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2018-1302 | 2019-02-18 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1560625 | 2019-02-18 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | <= 2.4.29 Search vendor "Apache" for product "Http Server" and version " <= 2.4.29" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Santricity Cloud Connector Search vendor "Netapp" for product "Santricity Cloud Connector" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Storage Automation Store Search vendor "Netapp" for product "Storage Automation Store" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Storagegrid Search vendor "Netapp" for product "Storagegrid" | - | - |
Affected
| ||||||