Published: 16/05/2011 Updated: 02/04/2024

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 436

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Subscribe to Apache

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library prior to 1.4.3 and the Apache HTTP Server prior to 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent malicious users to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache portable runtime
apache http server
netbsd netbsd 5.1
google android
freebsd freebsd
openbsd openbsd 4.8
apple mac os x 10.6.0
oracle solaris 10
debian debian linux 5.0
debian debian linux 7.0
debian debian linux 6.0
suse linux enterprise server 10

Debian Bug report logs - #627182 libapr1: last security update introduces a infinite loop condition Package: libapr1; Maintainer for libapr1 is Debian Apache Maintainers <debian-apache@listsdebianorg>; Source for libapr1 is src:apr (PTS, buildd, popcon) Reported by: Tanguy Ortolo <tanguy+debian@ortoloeu> Date: Wed ...

A denial of service issue exists that affects the Apache web server ...

A flaw was found in the APR library, which could be exploited through Apache HTTPD's mod_autoindex If a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage This could be used in a denial of service attack For the oldstable ...

source: wwwsecurityfocuscom/bid/47820/info Apache APR is prone to a vulnerability that may allow attackers to cause a denial-of-service condition Apache APR versions prior to 144 are vulnerable <?php /* Apache 2217 mod_autoindex local/remote Denial of Service author: Maksymilian Arciemowicz CVE: CVE-2011-0419 CWE: CWE-399 RE ...

Entity Extraction Using Syntaxnet Entity Extraction is a subtask of information extraction that seeks to locate and classify named entities in text into pre-defined categories such as the names of persons, organizations, locations, expressions of times, quantities, monetary values, percentages, etc NLP libraries like Spacy and NLTK are used for this purpose The drawback is th

Entity Extraction Using Syntaxnet Entity Extraction is a subtask of information extraction that seeks to locate and classify named entities in text into pre-defined categories such as the names of persons, organizations, locations, expressions of times, quantities, monetary values, percentages, etc NLP libraries like Spacy and NLTK are used for this purpose The drawback is th

CWE-770 http://cxib.net/stuff/apr_fnmatch.txts http://securityreason.com/achievement_securityalert/98 http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fnmatch.c#rev1.15 http://www.apache.org/dist/apr/CHANGES-APR-1.4 http://httpd.apache.org/security/vulnerabilities_22.html http://svn.apache.org/viewvc?view=revision&revision=1098188 http://secunia.com/advisories/44490 http://www.redhat.com/support/errata/RHSA-2011-0507.html http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22 http://www.apache.org/dist/apr/Announcement1.x.html http://securitytracker.com/id?1025527 http://www.apache.org/dist/httpd/Announcement2.2.html http://secunia.com/advisories/44564 https://bugzilla.redhat.com/show_bug.cgi?id=703390 http://cxib.net/stuff/apache.fnmatch.phps http://svn.apache.org/viewvc/apr/apr/branches/1.4.x/strings/apr_fnmatch.c?r1=731029&r2=1098902 http://svn.apache.org/viewvc?view=revision&revision=1098799 http://secunia.com/advisories/44574 http://www.debian.org/security/2011/dsa-2237 http://www.mandriva.com/security/advisories?name=MDVSA-2011:084 http://www.redhat.com/support/errata/RHSA-2011-0897.html http://www.redhat.com/support/errata/RHSA-2011-0896.html http://securityreason.com/securityalert/8246 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://support.apple.com/kb/HT5002 http://marc.info/?l=bugtraq&m=131551295528105&w=2 http://marc.info/?l=bugtraq&m=131731002122529&w=2 http://marc.info/?l=bugtraq&m=132033751509019&w=2 http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html http://marc.info/?l=bugtraq&m=134987041210674&w=2 http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14804 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14638 http://secunia.com/advisories/48308 http://www.mail-archive.com/dev%40apr.apache.org/msg23976.html http://www.mail-archive.com/dev%40apr.apache.org/msg23961.html http://www.mail-archive.com/dev%40apr.apache.org/msg23960.html https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627182 https://usn.ubuntu.com/1134-1/https://nvd.nist.gov https://www.exploit-db.com/exploits/35738/

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook