Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2011-1928

Published: 24/05/2011 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Apr-util

Vulnerability Summary

The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote malicious users to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache apr-util 1.4.3

apache http server 2.2.18

apache apr-util 1.4.4

Vendor Advisories

Debian CVElist Bug Report Logs: libapr1: last security update introduces a infinite loop condition
Debian Bug report logs - #627182 libapr1: last security update introduces a infinite loop condition Package: libapr1; Maintainer for libapr1 is Debian Apache Maintainers <debian-apache@listsdebianorg>; Source for libapr1 is src:apr (PTS, buildd, popcon) Reported by: Tanguy Ortolo <tanguy+debian@ortoloeu> Date: Wed ...
Ubuntu Security Notice: apache2, apr vulnerabilities
A denial of service issue exists that affects the Apache web server ...

Github Repositories

https://github.com/rameel12/Entity-Extractor-Using-Syntaxnet

Entity Extraction Using Syntaxnet Entity Extraction is a subtask of information extraction that seeks to locate and classify named entities in text into pre-defined categories such as the names of persons, organizations, locations, expressions of times, quantities, monetary values, percentages, etc NLP libraries like Spacy and NLTK are used for this purpose The drawback is th

https://github.com/rameel12/Entity-Extraction-Using-Syntaxnet

Entity Extraction Using Syntaxnet Entity Extraction is a subtask of information extraction that seeks to locate and classify named entities in text into pre-defined categories such as the names of persons, organizations, locations, expressions of times, quantities, monetary values, percentages, etc NLP libraries like Spacy and NLTK are used for this purpose The drawback is th

References

CWE-399http://openwall.com/lists/oss-security/2011/05/19/5http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627182http://www.vupen.com/english/advisories/2011/1290http://openwall.com/lists/oss-security/2011/05/19/10https://issues.apache.org/bugzilla/show_bug.cgi?id=51219http://www.vupen.com/english/advisories/2011/1289http://secunia.com/advisories/44558http://secunia.com/advisories/44661http://www.redhat.com/support/errata/RHSA-2011-0844.htmlhttp://secunia.com/advisories/44780http://www.mandriva.com/security/advisories?name=MDVSA-2011:095http://secunia.com/advisories/44613http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.htmlhttp://marc.info/?l=bugtraq&m=134987041210674&w=2http://secunia.com/advisories/48308http://mail-archives.apache.org/mod_mbox/www-announce/201105.mbox/%3c4DD55076.1060005%40apache.org%3ehttp://mail-archives.apache.org/mod_mbox/httpd-announce/201105.mbox/%3C4DD55092.3030403%40apache.org%3Ehttps://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627182https://usn.ubuntu.com/1134-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook