17 matches found
Denial Of Service (DoS)
apr is vulnerable to denial of service. The fix for CVE-2011-0419 released via RHSA-2011:0507 introduced an infinite loop flaw in the apr_fnmatch function when the APR_FNM_PATHNAME matching flag was used. A remote attacker could possibly use this flaw to cause a denial of service on an application...
FreeBSD : subversion -- several vulnerabilities (83a418cc-2182-11e4-802c-20cf30e32f6d)
Subversion Project reports: Using the Serf RA layer of Subversion for HTTPS uses the apr_fnmatch API to handle matching wildcards in certificate Common Names and Subject Alternate Names. However, apr_fnmatch is not designed for this purpose. Instead it is designed to behave like common shell...
Scientific Linux Security Update : apr on SL4.x, SL5.x i386/x86_64
The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. The fix for CVE-2011-0419 introduced an infinite loop flaw in the apr_fnmatch function when the APR_FNM_PATHNAME matching flag was...
Scientific Linux Security Update : apr on SL6.x i386/x86_64
The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. The fix for CVE-2011-0419 introduced an infinite loop flaw in the apr_fnmatch function when the APR_FNM_PATHNAME matching flag was...
CentOS Update for apr CESA-2011:0844 centos5 x86_64
Check for the Version of apr OpenVAS Vulnerability Test CentOS Update for apr CESA-2011:0844 centos5 x86_64 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...
CentOS Update for apr CESA-2011:0844 centos5 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) { script_xref(name:"URL",...
Moderate: Red Hat Security Advisory: JBoss Enterprise Web Server 1.0.2 update
JBoss Enterprise Web Server 1.0.2 is now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for...
apr security update
1.3.9-3.2 - add fix for apr_fnmatch regression (CVE-2011-1928, 706352...
Apache 2.2.x < 2.2.18 APR apr_fnmatch DoS
According to its banner, the version of Apache 2.2.x running on the remote host is 2.2.18. It is, therefore, affected by a denial of service vulnerability due to an error in the fnmatch implementation in 'apr_fnmatch.c' in the bundled Apache Portable Runtime (APR) library. Successful exploitation of...
FreeBSD : Apache APR -- DoS vulnerabilities (99a5590c-857e-11e0-96b7-00300582f9fc)
The Apache Portable Runtime Project reports: A flaw was discovered in the apr_fnmatch function in the Apache Portable Runtime (APR) library 1.4.4 (or any backported versions that contained the upstream fix for CVE-2011-0419). This could cause httpd workers to enter a hung state (100% CPU utilization)...
Apache APR -- DoS vulnerabilities
The Apache Portable Runtime Project reports: A flaw was discovered in the apr_fnmatch function in the Apache Portable Runtime (APR) library 1.4.4 (or any backported versions that contained the upstream fix for CVE-2011-0419). This could cause httpd workers to enter a hung state (100% CPU utilization)...
Mandriva Update for apr MDVSA-2011:084 (apr)
Check for the Version of apr OpenVAS Vulnerability Test Mandriva Update for apr MDVSA-2011:084 (apr) Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...
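Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
Bugtraq ID: 47820 CVE ID: CVE-2011-0419 Apache APR-util is a portable runtime library whose full name is Apache Portable Runtime. The "apr_fnmatch" function has a loop recursion error when processing certain patterns; submitting a specially crafted request containing wildcards such as "" can trigger a stack-based overflow. Apache APR 1.x Vendor solution: Apache Software Foundation APR 1.4.4 has fixed this vulnerability; users are advised to download and use it: http://www.apache.org/dist/apr/CHANGES-APR-1.4...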
Apache 2.2.x < 2.2.18 APR apr_fnmatch DoS
According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.18. It is, therefore, affected by a denial of service vulnerability due to an error in the apr_fnmatch function of the bundled APR library. If mod_autoindex is enabled and has indexed a directory...
Apache APR -- DoS vulnerabilities
The Apache Portable Runtime Project reports: Note especially a security fix to APR 1.4.4, excessive CPU consumption was possible due to an unconstrained, recursive invocation of apr_fnmatch, as apr_fnmatch processed '*' wildcards. Reimplement apr_fnmatch from scratch using a non-recursive algorithm n...
Apache Httpd < 2.2.19 : apr_fnmatch flaw leads to mod_autoindex remote DoS
A flaw was found in the apr_fnmatch function of the bundled APR library. Where mod_autoindex is enabled, and a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could b...
Apache Httpd < 2.0.65 : apr_fnmatch flaw leads to mod_autoindex remote DoS
A flaw was found in the apr_fnmatch function of the bundled APR library. Where mod_autoindex is enabled, and a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could b...