CVE-2018-1333

By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).

Database specific

{
    "unresolved_ranges": [
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "18.04"
                }
            ],
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"
        }
    ]
}

References

Affected packages

Git / github.com/apache/httpd

Affected ranges

Type

GIT

Repo

https://github.com/apache/httpd

Events

Introduced

b7ef32c4957883ab17105fa82e6331bf48bed78a

Last affected

3fe4a02b4936b73a10009ac8ea2c742730ccbe42

Introduced

Last affected

4a283f70d99e6535b0be857261d297946a7c58bc

Last affected

8048373d9a8bd8c7237829b56a06485d5f5bf2e4

Database specific

{
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "2.4.18"
        },
        {
            "last_affected": "2.4.30"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.33"
        },
        {
            "last_affected": "1.0"
        }
    ],
    "cpe": [
        "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*",
        "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*"
    ]
}

Affected versions

2.*

2.4.30

2.4.33

Other

HTTPD_LDAP_1_0_0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1333.json"