CVSS2: 4.3 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS: 0.968 High (Percentile: 99.7%)

Stack consumption vulnerability in the fnmatch implementation in
apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and
the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD
5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and
Android, allows context-dependent attackers to cause a denial of service
(CPU and memory consumption) via *? sequences in the first argument, as
demonstrated by attacks against mod_autoindex in httpd.
Author | Note |
---|---|
jdstrand | TODO: also check apr-util |
sbeattie | update for apr-util is not needed. |