Apache – CVE-2018-1302

Home » Blog » Apache – CVE-2018-1302

Description

Kayran has detected that the version of Apache HTTP Server being used is vulnerable to a NULL Pointer Dereference vulnerability.
That could happen when an HTTP/2 stream was destroyed after being handled leading to the HTTP Server potentially writing a NULL pointer to an already freed memory. Also known as CVE-2018-1302.

Although it’s classified as low risk, the application dereferences a pointer that it expects to be valid, but is actually NULL, that, could cause crashes or an exit.

Severity/Score

CVSS Version 3.x – 5.9 Medium

Recommendation

To fix CVE-2018-1302, upgrade the version of Apache Server being used to 2.4.33.

References

https://cwe.mitre.org/data/definitions/476.html

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1302

< Return to all Vulnerabilities

Zeroed In – Zero-Day Attacks

If you are familiar with programming, you know that Zero ([0]) is usually the starting point of arrays, that is called Zero-based numbering, what does

Passwords 101

Unlike basketballs, “passwords” are things we don’t want to be passed around, especially in a society built around the idea that “mystery” is appealing. We

Using VPN

What is a VPN? Why should someone be using VPN? Which Problems does is solve? and what is the advantages and disadvantages of it? Let’s

Cryptography – A Fine Art

As we know, a conversation need at least 2 people to exist, in this conversation of course, the exchange of data and information are being

Baby steps – getting into the PT industry

By raising hands please tell me ; WHO LIKES MONEY ? I bet none of you kept his hand low, and that’s fine, we love

The Risks in Web Applications and other scary things…

There are couple of things regarding Risks in Web-Based Applications that you should know, let’s talk about them. When crossing the street, we look at

WEB APPLICATION VULNERABILITY SCANNER