ClearOS Documentation

×

Warning

301 error for file:https://clearos.com/dokuwiki2/lib/exe/css.php?t=dokuwiki&tseed=82873f9c9a1f5784b951644363f20ef8

User Tools

Site Tools


CVE 2018-1301

'A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.'

ClearCenter response

This issue affects ClearOS 7 and ClearOS 6.

Short response

This low-impact issue that can only be used to crash the running service (Webconfig and Web Server). A fix has been reported to the ClearOS bug tracker and will be resolved either when a fix is available upstream or if httpd and webconfig-httpd are forked and fixes applied to the fork.

Long response

This low-impact issue that can only be used to crash the running service (Webconfig and Web Server). A fix has been reported to the ClearOS bug tracker and will be resolved either when a fix is available upstream or if httpd and webconfig-httpd are forked and fixes applied to the fork.

https://tracker.clearos.com/view.php?id=21661

Resolution

If your Webconfig or Web Server is crashing, evaluate log files for entries that may indicate an attack vector using this exploit that should be firewalled. In order to mitigate risk, place the web server behind a firewall to prevent anonymous access.

content/en_us/announcements_cve_cve-2018-1301.txt · Last modified: 2018/10/01 12:19 by dloper

https://clearos.com/dokuwiki2/lib/exe/indexer.php?id=content%3Aen_us%3Aannouncements_cve_cve-2018-1301&1558294344