Note especially a security fix to APR 1.4.4, excessive CPU
consumption was possible due to an unconstrained, recursive
invocation of apr_fnmatch, as apr_fnmatch processed ‘*’ wildcards.
Reimplement apr_fnmatch() from scratch using a non-recursive
algorithm now has improved compliance with the fnmatch() spec.
(William Rowe)

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchapr1< 1.4.4.1.3.11UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	apr1	< 1.4.4.1.3.11	UNKNOWN

References

www.apache.org/dist/apr/Announcement1.x.html

openvas 56

nessus 35

oraclelinux 1

exploitpack 1

debian 4

debiancve 2

slackware 1

redhat 3

securityvulns 8

altlinux 1

ubuntucve 2

centos 2

prion 2

cve 2

checkpoint_advisories 2

veracode 2

f5 4

httpd 2

seebug 1

freebsd 2

fedora 5

ubuntu 1

gentoo 1

suse 1

kaspersky 1

hackerone 1

oracle 2

openvas

FreeBSD Ports: apr0

2012-02-13 00:00:00

FreeBSD Ports: apr1

2011-08-03 00:00:00

CentOS Update for apr CESA-2011:0507 centos4 x86_64

2012-07-30 00:00:00

nessus

Debian DSA-2237-1 : apr - denial of service

2011-05-16 00:00:00

CentOS 4 / 5 : apr (CESA-2011:0507)

2011-05-12 00:00:00

Oracle Linux 4 / 5 / 6 : apr (ELSA-2011-0507)

2013-07-12 00:00:00

oraclelinux

apr security update

2011-05-11 00:00:00

exploitpack

Apache 1.42.2.x - APR apr_fnmatch() Denial of Service

2011-05-12 00:00:00

debian

[SECURITY] [DSA 2237-1] apr security update

2011-05-15 09:25:17

[SECURITY] [DSA 2237-1] apr security update

2011-05-15 09:25:17

[SECURITY] [DSA 2237-2] apr security update

2011-05-21 08:01:12

debiancve

CVE-2011-0419

2011-05-16 17:55:00

CVE-2011-1928

2011-05-24 23:55:00

slackware

[slackware-security] apr/apr-util

2011-05-14 05:03:34

redhat

(RHSA-2011:0507) Moderate: apr security update

2011-05-11 00:00:00

(RHSA-2011:0844) Low: apr security update

2011-05-31 00:00:00

(RHSA-2011:0897) Moderate: JBoss Enterprise Web Server 1.0.2 update

2011-06-22 00:00:00

securityvulns

[SECURITY] [DSA 2237-1] apr security update

2011-05-16 00:00:00

Multiple Vendors libc/fnmatch(3) DoS (incl apache poc)

2011-05-16 00:00:00

apr / Apache mod_autoindex DoS

2011-05-21 00:00:00

altlinux

Security fix for the ALT Linux 7 package apr1 version 1.4.4-alt1

2011-05-13 00:00:00

ubuntucve

CVE-2011-0419

2011-05-16 00:00:00

CVE-2011-1928

2011-05-24 00:00:00

centos

apr security update

2011-05-12 02:38:03

apr security update

2011-05-31 16:57:35

prion

Design/Logic Flaw

2011-05-16 17:55:00

Code injection

2011-05-24 23:55:00

cve

CVE-2011-0419

2011-05-16 17:55:00

CVE-2011-1928

2011-05-24 23:55:00

checkpoint_advisories

Apache APR apr_fnmatch Stack Overflow Denial of Service

2011-07-15 00:00:00

Apache APR apr_fnmatch Stack Overflow Denial of Service (CVE-2011-0419)

2011-08-16 00:00:00

veracode

Denial Of Service (DoS)

2020-04-10 00:58:59

Denial Of Service (DoS)

2020-04-10 01:02:57

K15920 : Apache vulnerability CVE-2011-0419

2014-12-18 00:00:00

SOL15920 - Apache vulnerability CVE-2011-0419

2014-12-18 00:00:00

SOL16879 - Apache Portable Runtime vulnerability CVE-2011-1928

2015-07-02 00:00:00

httpd

Apache Httpd < 2.0.65 : apr_fnmatch flaw leads to mod_autoindex remote DoS

2011-03-02 00:00:00

Apache Httpd < 2.2.19 : apr_fnmatch flaw leads to mod_autoindex remote DoS

2011-03-02 00:00:00

seebug

Apache APR 'apr_fnmatch()'拒绝服务漏洞

2011-05-13 00:00:00

freebsd

Apache APR -- DoS vulnerabilities

2011-05-19 00:00:00

Apache APR -- DoS vulnerabilities

2011-05-19 00:00:00

fedora

[SECURITY] Fedora 15 Update: apr-1.4.5-1.fc15

2011-06-02 10:55:41

[SECURITY] Fedora 14 Update: apr-1.4.5-1.fc14

2011-06-04 03:01:11

[SECURITY] Fedora 15 Update: apr-1.4.5-1.fc15

2011-06-02 19:12:11

ubuntu

APR vulnerabilities

2011-05-24 00:00:00

gentoo

Apache Portable Runtime, APR Utility Library: Denial of service

2014-05-18 00:00:00

suse

Security update for apache2 (important)

2011-11-09 19:08:34

kaspersky

KLA10065 Multiple vulnerabilities in Apache httpd

2013-07-22 00:00:00

hackerone

U.S. Dept Of Defense: Out-of-date Version (Apache)

2016-11-24 15:09:27

oracle

Oracle Critical Patch Update - July 2013

2013-07-16 00:00:00

Oracle Critical Patch Update - July 2012

2012-07-17 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.968 High

EPSS

Percentile

99.7%

JSON

Related for 00B296B6-7DB1-11E0-96B7-00300582F9FC