Apache HTTP Server CVE-2018-11763 Denial of Service Vulnerability
BID:105414
CVE-2018-11763 |Info
Apache HTTP Server CVE-2018-11763 Denial of Service Vulnerability
| Bugtraq ID: | 105414 |
| Class: | Design Error |
| CVE: |
CVE-2018-11763 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 25 2018 12:00AM |
| Updated: | Apr 17 2019 10:00AM |
| Credit: | Gal Goldshtein of F5 Networks. |
| Vulnerable: |
Oracle Solaris 11.4 Oracle Secure Global Desktop 5.4 Oracle Retail Xstore Point of Service 7.1 Oracle Retail Xstore Point of Service 7.0 Oracle Instantis EnterpriseTrack 17.3 Oracle Instantis EnterpriseTrack 17.2 Oracle Instantis EnterpriseTrack 17.1 Oracle Hospitality Guest Access 4.2.1 Oracle Hospitality Guest Access 4.2 Oracle Enterprise Manager Ops Center 12.3.3 Apache mod_http2 1.10.20 Apache mod_http2 1.10.19 Apache mod_http2 1.10.18 Apache Apache 2.4.26 Apache Apache 2.4.25 Apache Apache 2.4.23 Apache Apache 2.4.20 Apache Apache 2.4.19 Apache Apache 2.4.18 Apache Apache 2.4.17 Apache Apache 2.4.34 Apache Apache 2.4.30 Apache Apache 2.4.29 Apache Apache 2.4.28 Apache Apache 2.4.27 Apache Apache 2.4.24 |
| Not Vulnerable: |
Apache mod_http2 1.11.0 Apache Apache 2.4.35 |
Discussion
Apache HTTP Server CVE-2018-11763 Denial of Service Vulnerability
Apache HTTP Server is prone to a denial-of-service vulnerability.
Attackers may leverage this issue to cause a denial-of-service condition, denying service to legitimate users.
Apache HTTP Server 2.4.17 through 2.4.34 are vulnerable.
Apache HTTP Server is prone to a denial-of-service vulnerability.
Attackers may leverage this issue to cause a denial-of-service condition, denying service to legitimate users.
Apache HTTP Server 2.4.17 through 2.4.34 are vulnerable.
Exploit / POC
Apache HTTP Server CVE-2018-11763 Denial of Service Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Apache HTTP Server CVE-2018-11763 Denial of Service Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Apache HTTP Server CVE-2018-11763 Denial of Service Vulnerability
References:
References:
- Apache Homepage (Apache)
- Apache httpd 2.4 vulnerabilities (Apache Software Foundation)
- icing/mod_h2 v1.11.0 (Icing)
- Bug 1633399 CVE-2018-11763 httpd: DoS for HTTP/2 connections by continuous SETTI (Redhat)
- CVE-2018-11763 (Redhat)
- Oracle Critical Patch Update Advisory - April 2019 (Oracle)
- Oracle Critical Patch Update Advisory - January 2019 (Oracle)
- Oracle Solaris Third Party Bulletin - January 2019 (Oracle)