Ubuntu USN-1134-1
May 24, 2011 - 12:00 a.m.

APR vulnerabilities

2011-05-24 00:00:00
ubuntu.com

AI Score: 6.6 Medium (Confidence: Low)

CVSS2: 4.3 Medium

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
  • Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS: 0.969 High (Percentile: 99.7%)

Releases

  • Ubuntu 11.04
  • Ubuntu 10.10
  • Ubuntu 10.04
  • Ubuntu 8.04
  • Ubuntu 6.06

Packages

  • apache2 - a scalable, extensible web server
  • apr - The Apache Portable Runtime Library

Details

Maksymilian Arciemowicz reported that a flaw in the fnmatch()
implementation in the Apache Portable Runtime (APR) library could allow
an attacker to cause a denial of service. This can be demonstrated
in a remote denial of service attack against mod_autoindex in the
Apache web server. (CVE-2011-0419)

It was discovered that the fix for CVE-2011-0419 introduced a different
flaw in the fnmatch() implementation that could also result in a
denial of service. (CVE-2011-1928)

OS      Version  Architecture  Package               Package Version        Filename
Ubuntu  8.04     noarch        libapr1               < 1.2.11-1ubuntu0.2    UNKNOWN
Ubuntu  8.04     noarch        libapr1-dbg           < 1.2.11-1ubuntu0.2    UNKNOWN
Ubuntu  8.04     noarch        libapr1-dev           < 1.2.11-1ubuntu0.2    UNKNOWN
Ubuntu  6.06     noarch        libapr0               < 2.0.55-4ubuntu2.13   UNKNOWN
Ubuntu  6.06     noarch        apache2               < 2.0.55-4ubuntu2.13   UNKNOWN
Ubuntu  6.06     noarch        apache2-common        < 2.0.55-4ubuntu2.13   UNKNOWN
Ubuntu  6.06     noarch        apache2-mpm-perchild  < 2.0.55-4ubuntu2.13   UNKNOWN
Ubuntu  6.06     noarch        apache2-mpm-prefork   < 2.0.55-4ubuntu2.13   UNKNOWN
Ubuntu  6.06     noarch        apache2-mpm-worker    < 2.0.55-4ubuntu2.13   UNKNOWN
Ubuntu  6.06     noarch        apache2-prefork-dev   < 2.0.55-4ubuntu2.13   UNKNOWN