← Back

CVE-2018-1333

nvd nist
Published: Jun 18, 2018Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).

Affected (6)

Show all products
Apache: Http Server · Redhat: Jboss Core Services · Canonical: Ubuntu Linux · Netapp: Cloud Backup, Storage Automation Store
Apache
1 product
Http Server
Redhat
1 product
Jboss Core Services
Canonical
1 product
Ubuntu Linux
Netapp
2 products
Cloud Backup
Storage Automation Store
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Apache
Http Server
From 2.4.18 to 2.4.30
Http Server
Version 2.4.33
Configuration B
1 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Jboss Core Services
Version 1.0
Running on/withPlatform Versions
Redhat
Enterprise Linux
Version 6.0
Redhat
Enterprise Linux
Version 7.0
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Ubuntu Linux
Version 18.04
Configuration D
2 vulnerable
Vulnerable SoftwareAffected Versions
Cloud Backup
All versions
Storage Automation Store
All versions

Related CWEs

CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (42)

Source: security@apache.org
Third Party AdvisoryVDB Entry
Source: security@apache.org
Third Party Advisory
Source: security@apache.org
Third Party Advisory
Source: security@apache.org
Third Party Advisory
Source: security@apache.org
Vendor Advisory
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Third Party Advisory
Source: security@apache.org
Third Party Advisory
Source: security@apache.org
Third Party Advisory
Source: security@apache.org
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.