You are here

Home › Apache HTTP Server Vulnerabilities Related to Version 2.4.33

Apache HTTP Server Vulnerabilities Related to Version 2.4.33

Submitted on 26. March 2018 - 16:54 by rischi.
Last update on 27. March 2018 - 13:50.
IDs: 
CVE-2018-1303, CVE-2018-1302, CVE-2018-1301, CVE-2018-1312, CVE-2017-15710, CVE-2017-15715, CVE-2018-1283
Keywords: 
httpd
Description: 

The Apache HTTP Server version 2.4.33 fixes seven vulnerabilities [1]. The vulnerabilities are actually fixed in the non released version 2.4.30.

Airlock WAF is not affected.

Details

  • CVE-2018-1303 - Affects the Apache module mod_cache_socache. This module is not used by Airlock WAF.
  • CVE-2018-1302 - Affects the Apache module mod_http2. The criticality of the vulnerability is negligible for Airlock WAF. 
  • CVE-2018-1301 - Affects the parsing of HTTP header in debug log and build level. Airlock WAF is not affected because debug log and build level is not used.
  • CVE-2018-1312 - Affects the Apache module mod_auth_digest. The module mod_auth_digest is not used by Airlock WAF.
  • CVE-2017-15715 - Affects the Apache directive FilesMatch. This directive is not used by Airlock WAF.
  • CVE-2017-15710 - Affects the Apache module mod_authnz_ldap. This module is not used by Airlock WAF.
  • CVE-2018-1283 - Affects the Apache module mod_session. This module is not used by Airlock WAF.
Resolution: 

No action is required.

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required
Reference: 
[1] Apache httpd 2.4 vulnerabilities
© Ergon Informatik AG