A flaw was discovered in the apr_fnmatch() function in the
Apache Portable Runtime (APR) library 1.4.4 (or any backported
versions that contained the upstream fix for CVE-2011-0419).
This could cause httpd workers to enter a hung state (100% CPU
utilization).
apr-util 1.3.11 could cause crashes with httpd’s
mod_authnz_ldap in some situations.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchapr1< 1.4.5.1.3.12UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	apr1	< 1.4.5.1.3.12	UNKNOWN

References

www.apache.org/dist/apr/Announcement1.x.html

bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1928

openvas 59

nessus 37

fedora 5

ubuntucve 2

debian 4

ubuntu 1

centos 2

debiancve 2

securityvulns 8

f5 4

redhat 3

prion 2

cve 2

veracode 2

gentoo 1

altlinux 2

slackware 2

oraclelinux 2

suse 1

exploitpack 1

freebsd 2

checkpoint_advisories 2

httpd 2

seebug 1

kaspersky 1

hackerone 1

oracle 2

openvas

Debian Security Advisory DSA 2237-2 (apr)

2011-08-03 00:00:00

Ubuntu: Security Advisory (USN-1134-1)

2011-06-03 00:00:00

FreeBSD Ports: apr1

2011-08-03 00:00:00

nessus

Fedora 13 : apr-1.4.5-1.fc13 (2011-7340)

2011-06-06 00:00:00

CentOS 4 / 5 : apr (CESA-2011:0844)

2011-06-02 00:00:00

Scientific Linux Security Update : apr on SL4.x, SL5.x i386/x86_64

2012-08-01 00:00:00

fedora

[SECURITY] Fedora 14 Update: apr-1.4.5-1.fc14

2011-06-04 03:01:11

[SECURITY] Fedora 15 Update: apr-1.4.5-1.fc15

2011-06-02 10:55:41

[SECURITY] Fedora 15 Update: apr-1.4.5-1.fc15

2011-06-02 19:12:11

ubuntucve

CVE-2011-1928

2011-05-24 00:00:00

CVE-2011-0419

2011-05-16 00:00:00

debian

[SECURITY] [DSA 2237-2] apr security update

2011-05-21 08:01:12

[SECURITY] [DSA 2237-2] apr security update

2011-05-21 08:01:12

[SECURITY] [DSA 2237-1] apr security update

2011-05-15 09:25:17

ubuntu

APR vulnerabilities

2011-05-24 00:00:00

centos

apr security update

2011-05-31 16:57:35

apr security update

2011-05-12 02:38:03

debiancve

CVE-2011-1928

2011-05-24 23:55:00

CVE-2011-0419

2011-05-16 17:55:00

securityvulns

apr / Apache mod_autoindex DoS

2011-05-21 00:00:00

[ MDVSA-2011:095 ] apr

2011-05-21 00:00:00

[SECURITY] [DSA 2237-1] apr security update

2011-05-16 00:00:00

SOL16879 - Apache Portable Runtime vulnerability CVE-2011-1928

2015-07-02 00:00:00

K16879 : Apache Portable Runtime vulnerability CVE-2011-1928

2015-07-02 00:00:00

K15920 : Apache vulnerability CVE-2011-0419

2014-12-18 00:00:00

redhat

(RHSA-2011:0844) Low: apr security update

2011-05-31 00:00:00

(RHSA-2011:0507) Moderate: apr security update

2011-05-11 00:00:00

(RHSA-2011:0897) Moderate: JBoss Enterprise Web Server 1.0.2 update

2011-06-22 00:00:00

prion

Code injection

2011-05-24 23:55:00

Design/Logic Flaw

2011-05-16 17:55:00

cve

CVE-2011-1928

2011-05-24 23:55:00

CVE-2011-0419

2011-05-16 17:55:00

veracode

Denial Of Service (DoS)

2020-04-10 01:02:57

Denial Of Service (DoS)

2020-04-10 00:58:59

gentoo

Apache Portable Runtime, APR Utility Library: Denial of service

2014-05-18 00:00:00

altlinux

Security fix for the ALT Linux 7 package apr1 version 1.4.6-alt1

2012-11-16 00:00:00

Security fix for the ALT Linux 7 package apr1 version 1.4.4-alt1

2011-05-13 00:00:00

slackware

[slackware-security] apr/apr-util

2011-05-25 23:18:28

[slackware-security] apr/apr-util

2011-05-14 05:03:34

oraclelinux

apr security update

2011-05-31 00:00:00

apr security update

2011-05-11 00:00:00

suse

Security update for apache2 (important)

2011-11-09 19:08:34

exploitpack

Apache 1.42.2.x - APR apr_fnmatch() Denial of Service

2011-05-12 00:00:00

freebsd

Apache APR -- DoS vulnerabilities

2011-05-10 00:00:00

Apache APR -- DoS vulnerabilities

2011-05-19 00:00:00

checkpoint_advisories

Apache APR apr_fnmatch Stack Overflow Denial of Service

2011-07-15 00:00:00

Apache APR apr_fnmatch Stack Overflow Denial of Service (CVE-2011-0419)

2011-08-16 00:00:00

httpd

Apache Httpd < 2.0.65 : apr_fnmatch flaw leads to mod_autoindex remote DoS

2011-03-02 00:00:00

Apache Httpd < 2.2.19 : apr_fnmatch flaw leads to mod_autoindex remote DoS

2011-03-02 00:00:00

seebug

Apache APR 'apr_fnmatch()'拒绝服务漏洞

2011-05-13 00:00:00

kaspersky

KLA10065 Multiple vulnerabilities in Apache httpd

2013-07-22 00:00:00

hackerone

U.S. Dept Of Defense: Out-of-date Version (Apache)

2016-11-24 15:09:27

oracle

Oracle Critical Patch Update - July 2013

2013-07-16 00:00:00

Oracle Critical Patch Update - July 2012

2012-07-17 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.968 High

EPSS

Percentile

99.7%

JSON

Related for 99A5590C-857E-11E0-96B7-00300582F9FC