- Vulnerability/
- USN-3627-1
USN-3627-1: Apache HTTP Server vulnerabilities
First published: Thu Apr 19 2018(Updated: )
Alex Nichols and Jakob Hirsch discovered that the Apache HTTP Server mod_authnz_ldap module incorrectly handled missing charset encoding headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2017-15710) Elar Lang discovered that the Apache HTTP Server incorrectly handled certain characters specified in . A remote attacker could possibly use this issue to upload certain files, contrary to expectations. (CVE-2017-15715) It was discovered that the Apache HTTP Server mod_session module incorrectly handled certain headers. A remote attacker could possibly use this issue to influence session data. (CVE-2018-1283) Robert Swiecki discovered that the Apache HTTP Server incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to crash, leading to a denial of service. (CVE-2018-1301) Robert Swiecki discovered that the Apache HTTP Server mod_cache_socache module incorrectly handled certain headers. A remote attacker could possibly use this issue to cause the server to crash, leading to a denial of service. (CVE-2018-1303) Nicolas Daniels discovered that the Apache HTTP Server incorrectly generated the nonce when creating HTTP Digest authentication challenges. A remote attacker could possibly use this issue to replay HTTP requests across a cluster of servers. (CVE-2018-1312)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/apache2-bin | <2.4.27-2ubuntu4.1 | 2.4.27-2ubuntu4.1 |
| Ubuntu Ubuntu | =17.10 | |
| All of | ||
| ubuntu/apache2-bin | <2.4.18-2ubuntu3.8 | 2.4.18-2ubuntu3.8 |
| Ubuntu Ubuntu | =16.04 | |
| All of | ||
| ubuntu/apache2-bin | <2.4.7-1ubuntu4.20 | 2.4.7-1ubuntu4.20 |
| Ubuntu Ubuntu | =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2017-15710
- https://ubuntu.com/security/CVE-2017-15715
- https://ubuntu.com/security/CVE-2018-1283
- https://ubuntu.com/security/CVE-2018-1301
- https://ubuntu.com/security/CVE-2018-1303
- https://ubuntu.com/security/CVE-2018-1312
- https://ubuntu.com/security/notices/USN-3627-2
- https://ubuntu.com/security/notices/USN-3937-2
- https://launchpad.net/ubuntu/+source/apache2/2.4.27-2ubuntu4.1
- https://launchpad.net/ubuntu/+source/apache2/2.4.18-2ubuntu3.8
- https://launchpad.net/ubuntu/+source/apache2/2.4.7-1ubuntu4.20
- https://ubuntu.com/security/notices/USN-3627-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for this advisory?
The vulnerability ID for this advisory is USN-3627-1.
What is the severity of USN-3627-1?
The severity of USN-3627-1 is not specified in the information provided.
How does the Apache HTTP Server vulnerabilities impact servers?
The Apache HTTP Server vulnerabilities can cause the server to crash, resulting in a denial of service.
Which versions of Apache HTTP Server are affected?
Apache HTTP Server versions 2.4.27-2ubuntu4.1, 2.4.18-2ubuntu3.8, and 2.4.7-1ubuntu4.20 are affected.
How can I fix the Apache HTTP Server vulnerabilities?
To fix the Apache HTTP Server vulnerabilities, update to the recommended versions: 2.4.27-2ubuntu4.1, 2.4.18-2ubuntu3.8, or 2.4.7-1ubuntu4.20.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- anchor-related/USN-3627-2
- anchor-related/USN-3937-2
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/17.10
- version/ubuntu ubuntu/16.04
- version/ubuntu ubuntu/14.04