The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419. (CVE-2011-1928)

References

support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html

support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html

support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html

openvas 59

nessus 37

fedora 5

debiancve 2

debian 4

centos 2

veracode 2

securityvulns 8

freebsd 3

ubuntu 1

ubuntucve 2

redhat 3

prion 2

cve 2

f5 3

gentoo 1

suse 1

slackware 2

altlinux 2

oraclelinux 2

exploitpack 1

checkpoint_advisories 2

seebug 1

httpd 2

exploitdb 1

kaspersky 1

hackerone 1

oracle 2

openvas

Debian Security Advisory DSA 2237-2 (apr)

2011-08-03 00:00:00

Ubuntu: Security Advisory (USN-1134-1)

2011-06-03 00:00:00

CentOS Update for apr CESA-2011:0844 centos5 i386

2011-08-09 00:00:00

nessus

Fedora 13 : apr-1.4.5-1.fc13 (2011-7340)

2011-06-06 00:00:00

CentOS 4 / 5 : apr (CESA-2011:0844)

2011-06-02 00:00:00

Scientific Linux Security Update : apr on SL4.x, SL5.x i386/x86_64

2012-08-01 00:00:00

fedora

[SECURITY] Fedora 15 Update: apr-1.4.5-1.fc15

2011-06-02 10:55:41

[SECURITY] Fedora 14 Update: apr-1.4.5-1.fc14

2011-06-04 03:01:11

[SECURITY] Fedora 15 Update: apr-1.4.5-1.fc15

2011-06-02 19:12:11

debiancve

CVE-2011-1928

2011-05-24 23:55:00

CVE-2011-0419

2011-05-16 17:55:00

debian

[SECURITY] [DSA 2237-2] apr security update

2011-05-21 08:01:12

[SECURITY] [DSA 2237-2] apr security update

2011-05-21 08:01:12

[SECURITY] [DSA 2237-1] apr security update

2011-05-15 09:25:17

centos

apr security update

2011-05-31 16:57:35

apr security update

2011-05-12 02:38:03

veracode

Denial Of Service (DoS)

2020-04-10 01:02:57

Denial Of Service (DoS)

2020-04-10 00:58:59

securityvulns

[ MDVSA-2011:095 ] apr

2011-05-21 00:00:00

apr / Apache mod_autoindex DoS

2011-05-21 00:00:00

[SECURITY] [DSA 2237-1] apr security update

2011-05-16 00:00:00

freebsd

Apache APR -- DoS vulnerabilities

2011-05-19 00:00:00

Apache APR -- DoS vulnerabilities

2011-05-10 00:00:00

Apache APR -- DoS vulnerabilities

2011-05-19 00:00:00

ubuntu

APR vulnerabilities

2011-05-24 00:00:00

ubuntucve

CVE-2011-1928

2011-05-24 00:00:00

CVE-2011-0419

2011-05-16 00:00:00

redhat

(RHSA-2011:0844) Low: apr security update

2011-05-31 00:00:00

(RHSA-2011:0507) Moderate: apr security update

2011-05-11 00:00:00

(RHSA-2011:0897) Moderate: JBoss Enterprise Web Server 1.0.2 update

2011-06-22 00:00:00

prion

Code injection

2011-05-24 23:55:00

Design/Logic Flaw

2011-05-16 17:55:00

cve

CVE-2011-1928

2011-05-24 23:55:00

CVE-2011-0419

2011-05-16 17:55:00

K16879 : Apache Portable Runtime vulnerability CVE-2011-1928

2015-07-02 00:00:00

SOL15920 - Apache vulnerability CVE-2011-0419

2014-12-18 00:00:00

K15920 : Apache vulnerability CVE-2011-0419

2014-12-18 00:00:00

gentoo

Apache Portable Runtime, APR Utility Library: Denial of service

2014-05-18 00:00:00

suse

Security update for apache2 (important)

2011-11-09 19:08:34

slackware

[slackware-security] apr/apr-util

2011-05-25 23:18:28

[slackware-security] apr/apr-util

2011-05-14 05:03:34

altlinux

Security fix for the ALT Linux 7 package apr1 version 1.4.6-alt1

2012-11-16 00:00:00

Security fix for the ALT Linux 7 package apr1 version 1.4.4-alt1

2011-05-13 00:00:00

oraclelinux

apr security update

2011-05-31 00:00:00

apr security update

2011-05-11 00:00:00

exploitpack

Apache 1.42.2.x - APR apr_fnmatch() Denial of Service

2011-05-12 00:00:00

checkpoint_advisories

Apache APR apr_fnmatch Stack Overflow Denial of Service (CVE-2011-0419)

2011-08-16 00:00:00

Apache APR apr_fnmatch Stack Overflow Denial of Service

2011-07-15 00:00:00

seebug

Apache APR 'apr_fnmatch()'拒绝服务漏洞

2011-05-13 00:00:00

httpd

Apache Httpd < 2.2.19 : apr_fnmatch flaw leads to mod_autoindex remote DoS

2011-03-02 00:00:00

Apache Httpd < 2.0.65 : apr_fnmatch flaw leads to mod_autoindex remote DoS

2011-03-02 00:00:00

exploitdb

Apache 1.4/2.2.x - APR 'apr_fnmatch()' Denial of Service

2011-05-12 00:00:00

kaspersky

KLA10065 Multiple vulnerabilities in Apache httpd

2013-07-22 00:00:00

hackerone

U.S. Dept Of Defense: Out-of-date Version (Apache)

2016-11-24 15:09:27

oracle

Oracle Critical Patch Update - July 2013

2013-07-16 00:00:00

Oracle Critical Patch Update - July 2012

2012-07-17 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.969 High

EPSS

Percentile

99.6%

JSON

Related for SOL16879