VDB
ALPINE-CVE-2018-8011
ALPINE-CVE-2018-8011
PUBLISHED
CVSS 7.5 HIGH
By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33).
Risk Scores
CVSS v3.0
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.13 | apache2 | 2.2.16-r0, 2.2.16-r1, 2.2.16-r2 |
| Alpine:v3.23 | apache2 | 0, 2.2.16-r0, 2.2.16-r1 |
| Alpine:v3.12 | apache2 | 2.4.23-r1, 2.4.9-r0, 2.4.7-r0 |
| Alpine:v3.22 | apache2 | 2.4.9-r1, 2.4.3-r0, 2.4.29-r1 |
| Alpine:v3.9 | apache2 | 2.4.3-r2, 2.4.7-r0, 2.4.9-r0 |
| Alpine:v3.17 | apache2 | 2.4.6-r1, 0, 2.2.16-r0 |
| Alpine:v3.21 | apache2 | 2.4.9-r1, 2.4.9-r0, 2.4.7-r0 |
| Alpine:v3.19 | apache2 | 2.4.6-r3, 2.4.9-r1, 2.4.9-r0 |
| Alpine:v3.10 | apache2 | 2.4.6-r2, 2.2.16-r0, 2.2.16-r1 |
| Alpine:v3.16 | apache2 | 0, 2.2.16-r0, 2.2.16-r1 |
| Alpine:v3.8 | apache2 | 2.4.9-r1, 2.4.9-r0, 2.4.7-r0 |
| Alpine:v3.7 | apache2 | 2.4.9-r1, 2.4.9-r0, 2.4.7-r0 |
| Alpine:v3.11 | apache2 | 2.4.23-r4, 0, 2.2.16-r0 |
| Alpine:v3.14 | apache2 | 2.4.20-r1, 2.4.12-r3, 2.2.21-r2 |
| Alpine:v3.20 | apache2 | 2.4.23-r1, 2.4.9-r1, 2.4.9-r0 |
| Alpine:v3.15 | apache2 | 2.4.6-r4, 2.2.16-r0, 2.2.16-r1 |
| Alpine:v3.5 | apache2 | 2.2.16-r3, 2.2.16-r2, 2.2.16-r1 |
| Alpine:v3.18 | apache2 | 2.2.17-r1, 2.2.17-r4, 2.4.33-r0 |
| Alpine:v3.6 | apache2 | 2.4.16-r0, 2.4.17-r0, 2.4.17-r1 |
Timeline
- Jul 18, 2018 CVE Published
- Dec 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch