CVE-2018-1302

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.

We have discovered 227,950 live websites that are affected by CVE-2018-1302.

Run a Free Instant Scan



Affected Software

Product  Apache
Category Web Servers
Vulnerable Domains227,950 live websites (8.56% of Apache install base)
Vulnerable Versions
  • from 2.4.17 through 2.4.29
Vulnerable Versions Count10 versions ( 8.40% of all versions)



Details

  • Published - Mar 26, 2018
  • Updated - Sep 17, 2024

Website Distribution by Country

Number of websites using CVE-2018-1302
United States57,286 websites


Germany31,157 websites
France16,699 websites
Russia13,983 websites
Canada11,646 websites
Czech Republic9,045 websites
Italy7,905 websites
Singapore5,700 websites
Switzerland5,174 websites
Norway4,577 websites

Website Distribution by TLD

Number of websites using CVE-2018-1302
.com76,279 websites
.de20,812 websites
.ru12,224 websites
.org11,444 websites
.net9,015 websites
.it7,235 websites
.cz7,192 websites
.fr5,302 websites
.ch3,267 websites
.com.br3,192 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2018-1302

Top websites that are affected by CVE-2018-1302. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
*********.net United States***
***.****.us United States*,***
********.in India*,***
******.de Germany*,***
**.***.edu United States*,***
*********.com Germany*,***
*****.org United States*,***
************.com United States*,***
************.it Italy*,***
*********.com Denmark*,***
See full domain list

FAQ

A total of 227,950 websites have been identified as vulnerable to CVE-2018-1302, based on global website indexing conducted by WebTechSurvey.
The Apache is affected by the CVE-2018-1302 vulnerability.
Apache versions up to and including 2.4.29 are vulnerable to CVE-2018-1302.

References