UBUNTU-CVE-2018-1283
- Source
- https://ubuntu.com/security/CVE-2018-1283
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-1283.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2018-1283
- Related
- Published
- 2018-03-26T00:00:00Z
- Modified
- 2018-03-26T00:00:00Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
In Apache httpd 2.4.0 to 2.4.29, when modsession is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTPSESSION" variable name used by modsession to forward its data to CGIs, since the prefix "HTTP" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications.
- References
Affected packages
Ubuntu:14.04:LTS / apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2?arch=src?distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.7-1ubuntu4.20
Affected versions
2.*
2.4.6-2ubuntu2
2.4.6-2ubuntu3
2.4.6-2ubuntu4
2.4.7-1ubuntu1
2.4.7-1ubuntu2
2.4.7-1ubuntu3
2.4.7-1ubuntu4
2.4.7-1ubuntu4.1
2.4.7-1ubuntu4.4
2.4.7-1ubuntu4.5
2.4.7-1ubuntu4.6
2.4.7-1ubuntu4.7
2.4.7-1ubuntu4.8
2.4.7-1ubuntu4.9
2.4.7-1ubuntu4.10
2.4.7-1ubuntu4.11
2.4.7-1ubuntu4.13
2.4.7-1ubuntu4.15
2.4.7-1ubuntu4.16
2.4.7-1ubuntu4.17
2.4.7-1ubuntu4.18
2.4.7-1ubuntu4.19
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "low",
"binaries": [
{
"binary_version": "2.4.7-1ubuntu4.20",
"binary_name": "apache2"
},
{
"binary_version": "2.4.7-1ubuntu4.20",
"binary_name": "apache2-bin"
},
{
"binary_version": "2.4.7-1ubuntu4.20",
"binary_name": "apache2-bin-dbgsym"
},
{
"binary_version": "2.4.7-1ubuntu4.20",
"binary_name": "apache2-data"
},
{
"binary_version": "2.4.7-1ubuntu4.20",
"binary_name": "apache2-dbg"
},
{
"binary_version": "2.4.7-1ubuntu4.20",
"binary_name": "apache2-dev"
},
{
"binary_version": "2.4.7-1ubuntu4.20",
"binary_name": "apache2-doc"
},
{
"binary_version": "2.4.7-1ubuntu4.20",
"binary_name": "apache2-mpm-event"
},
{
"binary_version": "2.4.7-1ubuntu4.20",
"binary_name": "apache2-mpm-itk"
},
{
"binary_version": "2.4.7-1ubuntu4.20",
"binary_name": "apache2-mpm-prefork"
},
{
"binary_version": "2.4.7-1ubuntu4.20",
"binary_name": "apache2-mpm-worker"
},
{
"binary_version": "2.4.7-1ubuntu4.20",
"binary_name": "apache2-suexec"
},
{
"binary_version": "2.4.7-1ubuntu4.20",
"binary_name": "apache2-suexec-custom"
},
{
"binary_version": "2.4.7-1ubuntu4.20",
"binary_name": "apache2-suexec-custom-dbgsym"
},
{
"binary_version": "2.4.7-1ubuntu4.20",
"binary_name": "apache2-suexec-pristine"
},
{
"binary_version": "2.4.7-1ubuntu4.20",
"binary_name": "apache2-suexec-pristine-dbgsym"
},
{
"binary_version": "2.4.7-1ubuntu4.20",
"binary_name": "apache2-utils"
},
{
"binary_version": "2.4.7-1ubuntu4.20",
"binary_name": "apache2-utils-dbgsym"
},
{
"binary_version": "2.4.7-1ubuntu4.20",
"binary_name": "apache2.2-bin"
},
{
"binary_version": "1:2.4.7-1ubuntu4.20",
"binary_name": "libapache2-mod-macro"
},
{
"binary_version": "1:2.4.7-1ubuntu4.20",
"binary_name": "libapache2-mod-proxy-html"
}
]
}
Ubuntu:16.04:LTS / apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2?arch=src?distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.18-2ubuntu3.8
Affected versions
2.*
2.4.12-2ubuntu2
2.4.17-1ubuntu1
2.4.17-2ubuntu1
2.4.17-3ubuntu1
2.4.18-1ubuntu1
2.4.18-2ubuntu1
2.4.18-2ubuntu2
2.4.18-2ubuntu3
2.4.18-2ubuntu3.1
2.4.18-2ubuntu3.2
2.4.18-2ubuntu3.3
2.4.18-2ubuntu3.4
2.4.18-2ubuntu3.5
2.4.18-2ubuntu3.7
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "low",
"binaries": [
{
"binary_version": "2.4.18-2ubuntu3.8",
"binary_name": "apache2"
},
{
"binary_version": "2.4.18-2ubuntu3.8",
"binary_name": "apache2-bin"
},
{
"binary_version": "2.4.18-2ubuntu3.8",
"binary_name": "apache2-bin-dbgsym"
},
{
"binary_version": "2.4.18-2ubuntu3.8",
"binary_name": "apache2-data"
},
{
"binary_version": "2.4.18-2ubuntu3.8",
"binary_name": "apache2-dbg"
},
{
"binary_version": "2.4.18-2ubuntu3.8",
"binary_name": "apache2-dbgsym"
},
{
"binary_version": "2.4.18-2ubuntu3.8",
"binary_name": "apache2-dev"
},
{
"binary_version": "2.4.18-2ubuntu3.8",
"binary_name": "apache2-dev-dbgsym"
},
{
"binary_version": "2.4.18-2ubuntu3.8",
"binary_name": "apache2-doc"
},
{
"binary_version": "2.4.18-2ubuntu3.8",
"binary_name": "apache2-suexec-custom"
},
{
"binary_version": "2.4.18-2ubuntu3.8",
"binary_name": "apache2-suexec-custom-dbgsym"
},
{
"binary_version": "2.4.18-2ubuntu3.8",
"binary_name": "apache2-suexec-pristine"
},
{
"binary_version": "2.4.18-2ubuntu3.8",
"binary_name": "apache2-suexec-pristine-dbgsym"
},
{
"binary_version": "2.4.18-2ubuntu3.8",
"binary_name": "apache2-utils"
},
{
"binary_version": "2.4.18-2ubuntu3.8",
"binary_name": "apache2-utils-dbgsym"
}
]
}
Ubuntu:18.04:LTS / apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2?arch=src?distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.29-1ubuntu4.1
Affected versions
2.*
2.4.27-2ubuntu3
2.4.29-1ubuntu1
2.4.29-1ubuntu2
2.4.29-1ubuntu3
2.4.29-1ubuntu4
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "low",
"binaries": [
{
"binary_version": "2.4.29-1ubuntu4.1",
"binary_name": "apache2"
},
{
"binary_version": "2.4.29-1ubuntu4.1",
"binary_name": "apache2-bin"
},
{
"binary_version": "2.4.29-1ubuntu4.1",
"binary_name": "apache2-data"
},
{
"binary_version": "2.4.29-1ubuntu4.1",
"binary_name": "apache2-dbg"
},
{
"binary_version": "2.4.29-1ubuntu4.1",
"binary_name": "apache2-dev"
},
{
"binary_version": "2.4.29-1ubuntu4.1",
"binary_name": "apache2-doc"
},
{
"binary_version": "2.4.29-1ubuntu4.1",
"binary_name": "apache2-ssl-dev"
},
{
"binary_version": "2.4.29-1ubuntu4.1",
"binary_name": "apache2-suexec-custom"
},
{
"binary_version": "2.4.29-1ubuntu4.1",
"binary_name": "apache2-suexec-pristine"
},
{
"binary_version": "2.4.29-1ubuntu4.1",
"binary_name": "apache2-utils"
}
]
}