CVE-2018-17199

In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.

We have discovered 727,573 live websites that are affected by CVE-2018-17199.

Run a Free Instant Scan



Affected Software

Product  Apache
Category Web Servers
Vulnerable Domains727,573 live websites (26% of Apache install base)
Vulnerable Versions
  • from 2.4 through 2.4.37
Vulnerable Versions Count31 versions ( 26% of all versions)



Details

  • Published - Jan 30, 2019
  • Updated - Sep 16, 2024

Website Distribution by Country

Number of websites using CVE-2018-17199
United States227,856 websites


Germany65,396 websites
France41,594 websites
Japan38,503 websites
Russia30,797 websites
Netherlands29,549 websites
Singapore22,930 websites
Italy22,480 websites
Czech Republic21,541 websites
Canada19,835 websites

Website Distribution by TLD

Number of websites using CVE-2018-17199
.com285,135 websites
.de41,145 websites
.org32,451 websites
.net28,317 websites
.ru26,802 websites
.nl21,239 websites
.it20,544 websites
.cz17,557 websites
.jp16,808 websites
.fr13,691 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2018-17199

Top websites that are affected by CVE-2018-17199. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
*************.***.****.****.************.net United States***
*********.net United States***
***.****.us United States*,***
******************.com United States*,***
****.com United States*,***
********.com United States*,***
*****.com Canada*,***
********.in India*,***
******.*****.gov United States*,***
******.de Germany*,***
See full domain list

FAQ

A total of 727,573 websites have been identified as vulnerable to CVE-2018-17199, based on global website indexing conducted by WebTechSurvey.
The Apache is affected by the CVE-2018-17199 vulnerability.
Apache versions up to and including 2.4.37 are vulnerable to CVE-2018-17199.

References