Is CVE-2018-1303 known to be exploited?

41 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Software Foundation Http Server

CVE-2018-1303

A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack agains…

EPSS: 0.701 (99.3th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Http Server — versions 2.4.5 to 2.4.29

Public proof-of-concept exploits

References

USN-3627-1 (x_refsource_UBUNTU, vendor-advisory)
103522 (vdb-entry, x_refsource_BID)
DSA-4164 (vendor-advisory, x_refsource_DEBIAN)
security.netapp.com/advisory/ntap-20180601-0004/ (x_refsource_CONFIRM)
RHSA-2018:3558 (x_refsource_REDHAT, vendor-advisory)
support.hpe.com/hpsc/doc/public/display (x_refsource_CONFIRM)
RHSA-2019:0367 (x_refsource_REDHAT, vendor-advisory)
USN-3627-2 (x_refsource_UBUNTU, vendor-advisory)
1040572 (vdb-entry, x_refsource_SECTRACK)
httpd.apache.org/security/vulnerabilities_24.html (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2018-1303?: CVE-2018-1303 is a vulnerability in Apache Software Foundation Http Server. Published 2018-03-26.
Is CVE-2018-1303 known to be exploited?: 41 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.