ALPINE-CVE-2018-1303
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 26 Mar 2018, 15:29
Last modified:03 Dec 2025, 22:41
Vulnerability Summary
Overall Risk (default)
medium
30/100 CVSS Score
7.5 HIGH
3.0 (osv_alpine)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
26 Mar 2018, 15:29
Published
Vulnerability first disclosed
03 Dec 2025, 22:41
Last Modified
Vulnerability information updated
Description
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.
CVSS Metrics
- v3.0•HIGH•Score: 7.5CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Systems
- alpine•apache2
< 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0 | < 2.4.33-r0