Improper Input Validation in Apache VCL Affecting Multiple Versions
CVE-2018-11773

9.8CRITICAL

Key Information:

Vendor: Apache
Status: Vcl
Vendor: CVE Published:; 29 July 2019

What is CVE-2018-11773?

Apache VCL versions ranging from 2.1 to 2.5 are susceptible to an input validation flaw during the processing of block allocation submissions. When users submit forms, the unvalidated data is passed to the PHP function strtotime, which can lead to unexpected behavior and potential exploitation. Early analyses indicated that the implementation of strtotime seemed resilient to attacks, but it is crucial for users operating VCL versions prior to 2.5.1 to apply the necessary upgrades or patches to mitigate this vulnerability. The issue was identified and reported by ADLab of Venustech.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

VCL 2.1 through 2.5

References

https://lists.apache.org/thread.html/db71c4edc21ecb834cf2...

mailing-listx_refsource_MLIST

https://lists.apache.org/thread.html/8f3284afbcb4b87ed107...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 29, 2019
Vulnerability Reserved
Jun 5, 2018

JSON

Apache

What is CVE-2018-11773?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.