Apache – CVE-2018-1302

Description

Kayran has detected that the version of Apache HTTP Server being used is vulnerable to a NULL Pointer Dereference vulnerability.
That could happen when an HTTP/2 stream was destroyed after being handled leading to the HTTP Server potentially writing a NULL pointer to an already freed memory. Also known as CVE-2018-1302.

Although it’s classified as low risk, the application dereferences a pointer that it expects to be valid, but is actually NULL, that, could cause crashes or an exit.

Severity/Score

CVSS Version 3.x – 5.9 Medium

Recommendation

To fix CVE-2018-1302, upgrade the version of Apache Server being used to 2.4.33.

References

https://cwe.mitre.org/data/definitions/476.html

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1302

< Return to all Vulnerabilities