vulnerability

FreeBSD: VID-f38187e7-2f6e-11e8-8f07-b499baebfeaf (CVE-2018-1301): apache -- multiple vulnerabilities

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:N/A:P)

Published

Mar 24, 2018

Added

Mar 25, 2018

Modified

Jun 15, 2026

Description

A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.

Solutions

freebsd-upgrade-package-apache24freebsd-upgrade-package-apache22

References

CVE-2018-1301
https://attackerkb.com/topics/CVE-2018-1301
CWE-119
EUVD-EUVD-2018-11909
https://euvd.enisa.europa.eu/vulnerability/EUVD-2018-11909

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report