
[Overview]

The Apache HTTP Server is currently the most popular web server, and it supports runtime-loaded modules that extend its functionality. A denial of service vulnerability in Apache HTTP Server was recently fixed.

[Vulnerability Details]

CVE-2018-1303: The vulnerability is caused by incorrect validation of HTTP request headers. An attacker could exploit it by sending a crafted HTTP request containing one or more null HTTP headers to the target HTTP server. If the server has the mod_cache_socache module enabled, the request is highly likely to cause a memory allocation failure, which in turn crashes Apache HTTP Server and results in a denial of service.

Vulnerability Source: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303

[Severity]

Critical

[Affected Version]

  • Apache HTTP Server versions 2.4.6 through 2.4.29
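
The two conditions above (a version in the affected range and mod_cache_socache enabled) can be checked on a host from the output of `httpd -v` and `httpd -M`. The script below is an added triage example, not Apache or Hillstone code; the function names, verdict labels and sample output are constructed for illustration.

```shell
#!/bin/sh
# Added triage example. Feed it the text printed by `httpd -v` and `httpd -M`
# (apachectl / apache2ctl accept the same switches).
# Caveat: distributions often backport fixes without changing the upstream
# version string, so confirm a positive result against the package changelog.

# Extract "2.4.x" from a banner such as "Server version: Apache/2.4.29 (Unix)".
parse_version() {
    printf '%s\n' "$1" |
        sed -n 's|.*Apache/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' |
        head -n 1
}

# Succeed if the version lies in 2.4.6 .. 2.4.29, the range given in the advisory.
version_affected() {
    major=${1%%.*}; rest=${1#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    [ "$major" = 2 ] && [ "$minor" = 4 ] &&
        [ "$patch" -ge 6 ] 2>/dev/null && [ "$patch" -le 29 ] 2>/dev/null
}

# Succeed if mod_cache_socache is in the loaded-module list
# (`httpd -M` reports it as cache_socache_module).
socache_loaded() {
    printf '%s\n' "$1" | grep -q '^[[:space:]]*cache_socache_module[[:space:]]'
}

# Print one verdict: EXPOSED, VERSION_ONLY, NOT_AFFECTED or UNKNOWN.
assess() {
    ver=$(parse_version "$1")
    if [ -z "$ver" ]; then echo UNKNOWN
    elif ! version_affected "$ver"; then echo NOT_AFFECTED
    elif socache_loaded "$2"; then echo EXPOSED
    else echo VERSION_ONLY
    fi
}

# Constructed sample output; on a real host use:
#   assess "$(httpd -v)" "$(httpd -M 2>/dev/null)"
SAMPLE_V='Server version: Apache/2.4.29 (Unix)
Server built:   Jan  1 2018 00:00:00'
SAMPLE_M='Loaded Modules:
 core_module (static)
 cache_module (shared)
 cache_socache_module (shared)'
echo "CVE-2018-1303 triage: $(assess "$SAMPLE_V" "$SAMPLE_M")"
```

VERSION_ONLY means the version is in range but the module the advisory names is not loaded; such hosts should still be updated.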

[Suggestions]

Apply the update provided by Apache to fix this vulnerability.

Official statement: https://httpd.apache.org/security/vulnerabilities_24.html

[Hillstone Networks Solution]

Hillstone Networks has added signatures to the IPS signature database version 2.1.234. By deploying any Hillstone Networks solution with the IPS function, the Apache HTTP server denial of service vulnerability can be quickly detected and effectively intercepted, preventing the server from being attacked.

Threat Events Detected by Hillstone Solutions

Vulnerability Detail Description
