CVE-2018-1302 vulnerability in Apache and Other Products
Published on March 26, 2018

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.

Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2018-1302

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-1302 are published in these products:

Apache HTTP Server

NetApp Clustered Data Ontap

NetApp Santricity Cloud Connector

NetApp Storagegrid

NetApp Storage Automation Store

Canonical Ubuntu Linux

Affected Versions

Apache Software Foundation Apache HTTP Server Version 2.4.17 to 2.4.29 is affected by CVE-2018-1302

Exploit Probability

EPSS

12.13%

Percentile

93.71%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-1302 vulnerability in Apache and Other ProductsPublished on March 26, 2018

Products Associated with CVE-2018-1302

Affected Versions

Exploit Probability

CVE-2018-1302 vulnerability in Apache and Other Products
Published on March 26, 2018