CVE-2018-1283

Public on 2018-05-03
Modified on 2018-05-03
Description
It has been discovered that the mod_session module of Apache HTTP Server (httpd), through version 2.4.29, has an improper input validation flaw in the way it handles HTTP session headers in some configurations. A remote attacker may influence their content by using a "Session" header.
Severity
Medium
CVSS v3 Base Score
4.8
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 httpd24 2018-05-03 16:29 ALAS-2018-1004

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
NVD CVSSv3 5.3 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
NVD CVSSv2 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N