Lucene search
F5F5:K94597539HistoryApr 06, 2018 - 12:00 a.m.
K94597539 : Apache httpd vulnerability CVE-2018-1283
2018-04-0600:00:00
my.f5.com
40
Security Advisory Description
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a “Session” header. This comes from the “HTTP_SESSION” variable name used by mod_session to forward its data to CGIs, since the prefix “HTTP_” is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. (CVE-2018-1283)
Impact
There is no impact; F5 products are not affected by this vulnerability.
Related
cvelist
cvelist
CVE-2018-1283
2018-03-23 00:00:00
veracode
veracode
Privilege Escalation
2019-05-16 03:21:43
Denial Of Service
2019-05-16 03:38:52
Path Traversal
2019-05-16 03:38:52
alpinelinux
alpinelinux
CVE-2018-1283
2018-03-26 15:29:00
debiancve
debiancve
CVE-2018-1283
2018-03-26 15:29:00
redhatcve
redhatcve
CVE-2018-1283
2018-03-26 04:49:01
ubuntucve
ubuntucve
CVE-2018-1283
2018-03-26 00:00:00
httpd
httpd
Apache Httpd < 2.4.33 : Tampering of mod_session data for CGI applications
2017-11-14 00:00:00
prion
prion
Design/Logic Flaw
2018-03-26 15:29:00
nvd
nvd
CVE-2018-1283
2018-03-26 15:29:00
cve
cve
CVE-2018-1283
2018-03-26 15:29:00
osv
osv
CVE-2018-1283
2018-03-26 15:29:00
apache2 - security update
2018-04-03 00:00:00
ibm
ibm
nessus
nessus
EulerOS 2.0 SP3 : httpd (EulerOS-SA-2019-2593)
2019-12-18 00:00:00
EulerOS 2.0 SP2 : httpd (EulerOS-SA-2019-2402)
2019-12-10 00:00:00
EulerOS 2.0 SP5 : httpd (EulerOS-SA-2019-2157)
2019-11-12 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-2593)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-2402)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-2157)
2020-01-23 00:00:00
suse
suse
Security update for apache2 (important)
2018-04-09 03:07:20
Security update for apache2 (important)
2018-04-05 21:09:45
fedora
fedora
[SECURITY] Fedora 27 Update: httpd-2.4.33-2.fc27
2018-04-05 23:59:00
[SECURITY] Fedora 28 Update: httpd-2.4.33-2.fc28
2018-04-05 11:50:14
[SECURITY] Fedora 26 Update: httpd-2.4.33-4.fc26
2018-05-12 18:27:28
ubuntu
ubuntu
Apache HTTP Server vulnerabilities
2018-04-30 00:00:00
Apache HTTP Server vulnerabilities
2018-04-19 00:00:00
debian
debian
[SECURITY] [DSA 4164-1] apache2 security update
2018-04-03 16:02:15
[SECURITY] [DSA 4164-1] apache2 security update
2018-04-03 16:02:15
oraclelinux
oraclelinux
httpd security, bug fix, and enhancement update
2020-10-06 00:00:00
redhat
redhat
centos
centos
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
2020-10-20 18:13:33
archlinux
archlinux
[ASA-201804-4] apache: multiple issues
2018-04-04 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package apache2 version 1:2.4.33-alt1
2018-03-31 00:00:00
Security fix for the ALT Linux 10 package apache2 version 1:2.4.33-alt1
2018-03-31 00:00:00
Security fix for the ALT Linux 8 package apache2 version 1:2.4.33-alt1
2018-03-31 00:00:00
kaspersky
kaspersky
KLA12361 Multiple vulnerabilities in Apache HTTP Server
2018-03-21 00:00:00
freebsd
freebsd
apache -- multiple vulnerabilities
2018-03-23 00:00:00
amazon
amazon
Medium: httpd24
2018-05-03 16:29:00
mageia
mageia
Updated apache packages fix security vulnerabilities
2018-11-20 14:11:24
symantec
symantec
Apache HTTP Server Vulnerabilities Jul 2017 - Sep 2018
2018-11-07 08:01:01