CVE 2018-1301
'A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.'
ClearCenter response
This issue affects ClearOS 7 and ClearOS 6.
Short response
This low-impact issue that can only be used to crash the running service (Webconfig and Web Server). A fix has been reported to the ClearOS bug tracker and will be resolved either when a fix is available upstream or if httpd and webconfig-httpd are forked and fixes applied to the fork.
Long response
This low-impact issue that can only be used to crash the running service (Webconfig and Web Server). A fix has been reported to the ClearOS bug tracker and will be resolved either when a fix is available upstream or if httpd and webconfig-httpd are forked and fixes applied to the fork.
Resolution
If your Webconfig or Web Server is crashing, evaluate log files for entries that may indicate an attack vector using this exploit that should be firewalled. In order to mitigate risk, place the web server behind a firewall to prevent anonymous access.