VDB
CVE-2018-1333
CVE-2018-1333
PUBLISHED
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).
EPSS 20.81% · 95.7th percentile
Risk Scores
EPSS Score
20.81%
95.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | apache2 | 0, 2.4.27-2ubuntu3, 2.4.29-1ubuntu1 |
Exploit Intelligence
- DoS for HTTP/2 connections by crafted requests (CVE-2018-1333) (hackerone)
- DoS for HTTP/2 connections by crafted requests (CVE-2018-1333) (hackerone)
- DoS for HTTP/2 connections by crafted requests (CVE-2018-1333) (hackerone)
- cve_db.json (github-poc)
- cve_db.json (github-poc)
- cve_db.json (github-poc)
- cve_db.json (github-poc)
- cve_db.json (github-poc)
- cve_db.json (github-poc)
Timeline
- CVE Published
- Oct 28, 2018 PoC Published
- Apr 14, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Jun 12, 2023 EPSS Score
- Nov 9, 2023 EPSS Score
- Feb 5, 2024 EPSS Score
- Mar 5, 2024 EPSS Score
- Dec 17, 2024 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- May 1, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-1333 third-party-advisory
- https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333 third-party-advisory
- https://ubuntu.com/security/notices/USN-3783-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-1333 third-party-advisory