Lucene search
MitreCVELIST:CVE-2011-4415HistoryNov 08, 2011 - 11:00 a.m.
CVE-2011-4415
2011-11-0811:00:00
mitre
www.cve.org
1
The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the “len +=” statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
Related
f5
f5
SOL16908 - Apache HTTPD vulnerability CVE-2011-4415
2015-07-23 00:00:00
K16908 : Apache HTTPD vulnerability CVE-2011-4415
2015-07-23 00:00:00
K16907 : Apache HTTPD vulnerability CVE-2011-3607
2015-07-23 00:00:00
prion
prion
Null pointer dereference
2011-11-08 11:55:00
Integer overflow
2011-11-08 11:55:00
zdt
zdt
Apache < 2.0.64 / < 2.2.21 mod_setenvif - Integer Overflow Vulnerability
2017-03-29 00:00:00
ubuntucve
ubuntucve
CVE-2011-4415
2011-11-08 00:00:00
CVE-2011-3607
2011-11-08 00:00:00
nvd
nvd
CVE-2011-4415
2011-11-08 11:55:05
CVE-2011-3607
2011-11-08 11:55:05
cve
cve
CVE-2011-4415
2011-11-08 11:55:05
CVE-2011-3607
2011-11-08 11:55:05
debiancve
debiancve
CVE-2011-4415
2011-11-08 11:55:05
CVE-2011-3607
2011-11-08 11:55:05
openvas
openvas
Mandriva Update for apache MDVSA-2012:003 (apache)
2012-01-13 00:00:00
httpd
httpd
Apache Httpd < 2.0.65 : mod_setenvif .htaccess privilege escalation
2011-10-04 00:00:00
Apache Httpd < 2.2.22 : mod_setenvif .htaccess privilege escalation
2011-10-04 00:00:00
securityvulns
securityvulns
Apache privilege escalation
2012-01-11 00:00:00
Apache multiple security vulnerabilities
2012-02-03 00:00:00
[Announce] Apache HTTP Server 2.2.22 Released
2012-02-03 00:00:00
nessus
nessus
F5 Networks BIG-IP : Apache HTTPD vulnerability (SOL16907)
2015-07-24 00:00:00
RHEL 4 : httpd (Unpatched Vulnerability)
2024-06-03 00:00:00
Mandriva Linux Security Advisory : apache (MDVSA-2012:003)
2012-01-11 00:00:00
seebug
seebug
Apache HTTP Server "ap_pregsub()"函数本地权限提升漏洞
2011-11-04 00:00:00
Apache HTTP Server 'ap_pregsub()'函数本地拒绝服务漏洞(CVE-2011-4415)
2012-07-02 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:10:15
cvelist
cvelist
CVE-2011-3607
2011-11-08 11:00:00
ubuntu
ubuntu
Apache HTTP Server vulnerabilities
2012-02-16 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: httpd-2.2.22-1.fc16
2012-02-21 01:28:42
[SECURITY] Fedora 15 Update: httpd-2.2.22-1.fc15
2012-03-06 19:30:50
oraclelinux
oraclelinux
httpd security update
2012-02-28 00:00:00
httpd security update
2012-02-13 00:00:00
httpd security, bug fix, and enhancement update
2013-02-22 00:00:00
redhat
redhat
(RHSA-2012:0323) Moderate: httpd security update
2012-02-21 00:00:00
(RHSA-2012:0128) Moderate: httpd security update
2012-02-13 00:00:00
(RHSA-2012:0543) Moderate: httpd security and bug fix update
2012-05-07 18:13:40
slackware
slackware
[slackware-security] httpd
2012-02-10 17:43:57
debian
debian
[SECURITY] [DSA 2405-1] apache2 security update
2012-02-06 09:06:39
[SECURITY] [DSA 2405-1] apache2 security update
2012-02-06 09:06:39
altlinux
altlinux
Security fix for the ALT Linux 8 package apache2 version 2.2.22-alt1
2012-02-02 00:00:00
Security fix for the ALT Linux 10 package apache2 version 2.2.22-alt1
2012-02-02 00:00:00
Security fix for the ALT Linux 9 package apache2 version 2.2.22-alt1
2012-02-02 00:00:00
amazon
amazon
Medium: httpd
2012-02-16 10:48:00
centos
centos
httpd, mod_ssl security update
2012-02-14 11:13:29
osv
osv
apache2 - multiple issues
2012-02-06 00:00:00
freebsd
freebsd
apache -- multiple vulnerabilities
2011-10-05 00:00:00
kaspersky
kaspersky
KLA10065 Multiple vulnerabilities in Apache httpd
2013-07-22 00:00:00
gentoo
gentoo
Apache HTTP Server: Multiple vulnerabilities
2012-06-24 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2012
2012-07-17 00:00:00
Oracle Critical Patch Update Advisory - January 2015
2015-03-10 00:00:00