CVSS2: 4.3 Medium (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Metric | Value
---|---
Access Vector | NETWORK
Access Complexity | MEDIUM
Authentication | NONE
Confidentiality Impact | NONE
Integrity Impact | NONE
Availability Impact | PARTIAL

apr is vulnerable to denial of service. The fix for CVE-2011-0419 (released via RHSA-2011:0507) introduced an infinite loop flaw in the apr_fnmatch() function when the APR_FNM_PATHNAME matching flag was used. A remote attacker could possibly use this flaw to cause a denial of service on an application using the apr_fnmatch() function.

CPE

Name | Operator | Version
---|---|---
apr | eq | 0.9.4__25.el4
apr | eq | 0.9.4__24.9.el4_8.2

bugs.debian.org/cgi-bin/bugreport.cgi?bug=627182
lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
mail-archives.apache.org/mod_mbox/httpd-announce/201105.mbox/%3C4DD55092.3030403%40apache.org%3E
mail-archives.apache.org/mod_mbox/www-announce/201105.mbox/%3c4DD55076.1060005%40apache.org%3e
marc.info/?l=bugtraq&m=134987041210674&w=2
openwall.com/lists/oss-security/2011/05/19/10
openwall.com/lists/oss-security/2011/05/19/5
secunia.com/advisories/44558
secunia.com/advisories/44613
secunia.com/advisories/44661
secunia.com/advisories/44780
secunia.com/advisories/48308
www.mandriva.com/security/advisories?name=MDVSA-2011:095
www.redhat.com/support/errata/RHSA-2011-0844.html
www.vupen.com/english/advisories/2011/1289
www.vupen.com/english/advisories/2011/1290
access.redhat.com/errata/RHSA-2011:0844
access.redhat.com/security/updates/classification/#low
issues.apache.org/bugzilla/show_bug.cgi?id=51219
rhn.redhat.com/errata/RHSA-2011-0507.html