68 matches found
Apache HTTP Server DoS Vulnerability (May 2011) - Linux
Apache HTTP Server is prone to a denial of service DoS vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
SOL16879 - Apache Portable Runtime vulnerability CVE-2011-1928
The fnmatch implementation in aprfnmatch.c in the Apache Portable Runtime APR library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service infinite loop via a URI that does not match unspecified types of wildcard patterns, as demonstrated by...
Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
No description provided by source. source: http://www.securityfocus.com/bid/2503/info Apache HTTPD is the Apache Web Server, freely distributed and actively maintained by the Apache Software Foundation. It is a freely available and widely used software package, included with various implementatio...
Oracle Linux 4 : httpd (ELSA-2008-0006)
From Red Hat Security Advisory 2008:0006 : Updated Apache httpd packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web...
Oracle Linux 3 : httpd (ELSA-2008-0005)
From Red Hat Security Advisory 2008:0005 : Updated Apache httpd packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web...
Scientific Linux Security Update : httpd on SL3.x, SL4.x, SL5.x i386/x86_64
A flaw was found in the modproxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker could cause a similar...
Scientific Linux Security Update : apr on SL4.x, SL5.x, SL6.x i386/x86_64
It was discovered that the aprfnmatch function used an unconstrained recursion when processing patterns with the '' wildcard. An attacker could use this flaw to cause an application using this function, which also accepted untrusted input as a pattern for matching such as an httpd server using th...
FreeBSD Ports: apr0
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Debian Security Advisory DSA 2237-1 (apr)
The remote host is missing an update to apr announced via advisory DSA 2237-1. OpenVAS Vulnerability Test $Id: deb22371.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2237-1 apr Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...
Debian Security Advisory DSA 2237-1 (apr)
The remote host is missing an update to apr announced via advisory DSA 2237-1. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2011 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Ubuntu Update for apr USN-1134-1
Ubuntu Update for Linux kernel vulnerabilities USN-1134-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN11341.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for apr USN-1134-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This...
Apache 2.2.x < 2.2.18 APR apr_fnmatch DoS
According to its banner, the version of Apache 2.2.x running on the remote host is 2.2.18. It is, therefore, affected by a denial of service vulnerability due to an error in the fnmatch implementation in 'aprfnmatch.c' in the bundled Apache Portable Runtime APR library. Successful exploitation of...
Code injection
The fnmatch implementation in aprfnmatch.c in the Apache Portable Runtime APR library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service infinite loop via a URI that does not match unspecified types of wildcard patterns, as demonstrated by...
CVE-2011-1928
The fnmatch implementation in aprfnmatch.c in the Apache Portable Runtime APR library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service infinite loop via a URI that does not match unspecified types of wildcard patterns, as demonstrated by...
USN-1134-1: APR vulnerabilities
Maksymilian Arciemowicz reported that a flaw in the fnmatch implementation in the Apache Portable Runtime APR library could allow an attacker to cause a denial of service. This can be demonstrated in a remote denial of service attack against modautoindex in the Apache web server. CVE-2011-0419 Is...
[SECURITY] [DSA 2237-2] apr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2237-2 [email protected] http://www.debian.org/security/ Stefan Fritsch May 21, 2011 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2237-2] apr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2237-2 [email protected] http://www.debian.org/security/ Stefan Fritsch May 21, 2011 http://www.debian.org/security/faq -...
apr / Apache mod_autoindex DoS
CPU resources exhaustion on request to indexed files with long names...
Design/Logic Flaw
Stack consumption vulnerability in the fnmatch implementation in aprfnmatch.c in the Apache Portable Runtime APR library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows...
CVE-2011-0419
Stack consumption vulnerability in the fnmatch implementation in aprfnmatch.c in the Apache Portable Runtime APR library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows...