Apache – CVE-2018-1302

Home » Blog » Apache – CVE-2018-1302

Description

Kayran has detected that the version of Apache HTTP Server being used is vulnerable to a NULL Pointer Dereference vulnerability.
That could happen when an HTTP/2 stream was destroyed after being handled leading to the HTTP Server potentially writing a NULL pointer to an already freed memory. Also known as CVE-2018-1302.

Although it’s classified as low risk, the application dereferences a pointer that it expects to be valid, but is actually NULL, that, could cause crashes or an exit.

Severity/Score

CVSS Version 3.x – 5.9 Medium

Recommendation

To fix CVE-2018-1302, upgrade the version of Apache Server being used to 2.4.33.

References

https://cwe.mitre.org/data/definitions/476.html

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1302

< Return to all Vulnerabilities

Blue Team

We’ve talked about The Red Team before, but what about The Blue Team? How is this group different from the red one? Why would we

What is a CWE ?

Similar to the article written on CVEs, in this article we will answer the questions :What is CWE ? and, what is the difference between

Crossing Scripts – XSS

Injections. SQL Injections. Cross-site Scripting (hence the amazing title “Crossing Scripts – XSS”). There all sorts of Injection-Based attacks, if you want to read about

Passwords 101

Unlike basketballs, “passwords” are things we don’t want to be passed around, especially in a society built around the idea that “mystery” is appealing. We

Adwares – A Dangerous Distraction

Adwares pose A Dangerous Distraction.What is an Adware? Why should we care? Why are adwares considered Malicious? How do we get rid of them? In

GETting it – POSTing it

No one likes things to get mixed up, creating confusion and misunderstandings, and sometimes even make our arguments seem a bit silly in the heat

WEB APPLICATION VULNERABILITY SCANNER