CVE-2018-1302 : When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.

Published 2018-03-26 15:29:00

Updated 2021-06-06 11:15:21

Source Apache Software Foundation

View at NVD, CVE.org

Products affected by CVE-2018-1302

Apache » Http Server
Versions up to, including, (<=) 2.4.29
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Matching versions
Netapp » Clustered Data Ontap » Version: N/A
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
Matching versions
Netapp » Santricity Cloud Connector » Version: N/A
cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*
Matching versions
Netapp » Storage Automation Store » Version: N/A
cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*
Matching versions
Netapp » Storagegrid » Version: N/A
cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2018-1302

Top countries where our scanners detected CVE-2018-1302

Top open port discovered on systems with this issue 80

IPs affected by CVE-2018-1302 6,107,475

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2018-1302!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2018-1302

EPSS FAQ

9.17%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 92 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-1302

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
5.9	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H	2.2	3.6	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2018-1302

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-1302

https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E

svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ - Pony Mail

CVEs referencing this url
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us

HPESBUX03909 rev.1 - HP-UX Web Server Suite running Apache on HP-UX 11iv3, Multiple Remote Vulnerabilities
Third Party Advisory

CVEs referencing this url
https://www.tenable.com/security/tns-2019-09

[R1] Tenable.sc 5.13.0 Fixes Multiple Third-Party Vulnerabilities - Security Advisory | Tenable®

CVEs referencing this url
https://usn.ubuntu.com/3783-1/

USN-3783-1: Apache HTTP Server vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E

Pony Mail!

CVEs referencing this url
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E

Pony Mail!

CVEs referencing this url
https://httpd.apache.org/security/vulnerabilities_24.html

httpd 2.4 vulnerabilities - The Apache HTTP Server Project
Vendor Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E

svn commit: r1888194 [11/13] - /httpd/site/trunk/content/security/json/ - Pony Mail

CVEs referencing this url
http://www.securityfocus.com/bid/103528

Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
Third Party Advisory;VDB Entry
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E

svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html s

CVEs referencing this url
https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E

svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/ - Pony Mail

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:0367

RHSA-2019:0367 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E

svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ - Pony Mail

CVEs referencing this url
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E

svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ - Pony Mail

CVEs referencing this url
https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E

svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_2

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:0366

RHSA-2019:0366 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E

Pony Mail!

CVEs referencing this url
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E

svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2018/03/24/5

oss-security - CVE-2018-1302: Possible write of after free on HTTP/2 stream shutdown
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E

Pony Mail!

CVEs referencing this url
http://www.securitytracker.com/id/1040567

Apache HTTPD Write-after-free Memory Error in Processing HTTP/2 Streams Has Unspecified Impact - SecurityTracker
Third Party Advisory;VDB Entry
https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E

svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_2

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20180601-0004/

March 2018 Apache HTTP Server Vulnerabilities in NetApp Products | NetApp Product Security
Third Party Advisory

CVEs referencing this url