httpd-announce mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Cox <>
Subject CVE-2018-8011: Apache HTTP Server mod_md DoS
Date Wed, 18 Jul 2018 08:02:27 GMT
CVE-2018-8011: mod_md DoS via Coredumps on specially crafted requests

Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected:
httpd 2.4.33

By specially crafting HTTP requests, the mod_md challenge
handler would dereference a NULL pointer and cause the child
process to segfault. This could be used to DoS the server

All httpd users should upgrade to 2.4.34 or later.

The issue was discovered by Daniel Caminada


View raw message