
CVE-2018-1301

'A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.'

ClearCenter response

This issue affects ClearOS 7 and ClearOS 6.

Short response

This is a low-impact issue that can only be used to crash the running service (Webconfig and Web Server). The issue has been reported to the ClearOS bug tracker and will be resolved either when a fix is available upstream or, if httpd and webconfig-httpd are forked, when fixes are applied to the fork.

Long response

This is a low-impact issue that can only be used to crash the running service (Webconfig and Web Server). The issue has been reported to the ClearOS bug tracker and will be resolved either when a fix is available upstream or, if httpd and webconfig-httpd are forked, when fixes are applied to the fork.

https://tracker.clearos.com/view.php?id=21661

Resolution

If your Webconfig or Web Server is crashing, review the log files for entries that may indicate an attack using this vulnerability; the sources of any such requests should be firewalled. To mitigate risk, place the web server behind a firewall to prevent anonymous access.
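
One way to do the log review described above, as an added example (not ClearCenter's or Apache's own code): it scans Apache 2.4 format error-log lines for the parent's "child pid N exit signal ..." notices and tallies the client addresses logged in the seconds before each crash. The sample lines are constructed, the 5-second window is an assumption, and a listed address is only a lead to check before firewalling it.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Apache 2.4 error-log timestamp, e.g. [Mon Oct 01 18:19:02.200000 2018]
TS = re.compile(r"^\[(\w{3} \w{3} \d{1,2} \d{2}:\d{2}:\d{2})(?:\.\d+)? (\d{4})\]")
# Notice the parent process writes when a child dies on a signal
CRASH = re.compile(r"child pid (\d+) exit signal ([A-Za-z ]+?) \((\d+)\)")
# Client tag on request-related entries, e.g. [client 203.0.113.7:51234]
CLIENT = re.compile(r"\[client ([0-9a-fA-F.:]+):\d+\]")

def parse_ts(line):
    m = TS.match(line)
    if not m:
        return None
    return datetime.strptime(m.group(1) + " " + m.group(2), "%a %b %d %H:%M:%S %Y")

def crash_suspects(lines, window_s=5):
    """Return (crashes, suspects). crashes: list of (time, child pid, signal).
    suspects: per client IP, how many crashes it was logged shortly before."""
    recent, crashes, suspects = [], [], Counter()
    for line in lines:  # lines are assumed to be in chronological order
        ts = parse_ts(line)
        if ts is None:
            continue  # continuation line or a different log format
        cutoff = ts - timedelta(seconds=window_s)
        recent = [(t, ip) for t, ip in recent if t >= cutoff]  # drop stale entries
        crash = CRASH.search(line)
        if crash:
            crashes.append((ts, int(crash.group(1)), crash.group(2)))
            suspects.update({ip for _, ip in recent})  # count each IP once per crash
        else:
            client = CLIENT.search(line)
            if client:
                recent.append((ts, client.group(1)))
    return crashes, suspects

# Constructed sample lines (documentation addresses), not taken from a real server
SAMPLE = """\
[Mon Oct 01 18:19:01.100000 2018] [core:debug] [pid 2101] [client 203.0.113.7:51234] constructed debug entry
[Mon Oct 01 18:19:02.200000 2018] [core:notice] [pid 2000] AH00052: child pid 2101 exit signal Segmentation fault (11)
[Mon Oct 01 18:25:00.000000 2018] [core:info] [pid 2102] [client 198.51.100.9:40000] constructed unrelated entry
[Mon Oct 01 18:30:10.000000 2018] [core:debug] [pid 2103] [client 203.0.113.7:51300] constructed debug entry
[Mon Oct 01 18:30:11.000000 2018] [core:notice] [pid 2000] AH00052: child pid 2103 exit signal Segmentation fault (11)
""".splitlines()

if __name__ == "__main__":
    crashes, suspects = crash_suspects(SAMPLE)
    for ts, pid, sig in crashes:
        print(f"{ts} child {pid} died: {sig}")
    for ip, n in suspects.most_common():
        print(f"{ip} logged shortly before {n} crash(es)")
```

Pass it the lines of the Web Server and Webconfig error logs; the log file locations are not given on this page, so they are left to the caller.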

content/en_us/announcements_cve_cve-2018-1301.txt · Last modified: 2018/10/01 18:19 by dloper