The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x up to and including 2.0.64 and 2.2.x up to and including 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache http server 2.0 |
||
apache http server 2.0.9 |
||
apache http server 2.0.28 |
||
apache http server 2.0.32 |
||
apache http server 2.0.34 |
||
apache http server 2.0.35 |
||
apache http server 2.0.36 |
||
apache http server 2.0.37 |
||
apache http server 2.0.38 |
||
apache http server 2.0.39 |
||
apache http server 2.0.40 |
||
apache http server 2.0.41 |
||
apache http server 2.0.42 |
||
apache http server 2.0.43 |
||
apache http server 2.0.44 |
||
apache http server 2.0.45 |
||
apache http server 2.0.46 |
||
apache http server 2.0.47 |
||
apache http server 2.0.48 |
||
apache http server 2.0.49 |
||
apache http server 2.0.50 |
||
apache http server 2.0.51 |
||
apache http server 2.0.52 |
||
apache http server 2.0.53 |
||
apache http server 2.0.54 |
||
apache http server 2.0.55 |
||
apache http server 2.0.56 |
||
apache http server 2.0.57 |
||
apache http server 2.0.58 |
||
apache http server 2.0.59 |
||
apache http server 2.0.60 |
||
apache http server 2.0.61 |
||
apache http server 2.0.63 |
||
apache http server 2.0.64 |
||
apache http server 2.2.0 |
||
apache http server 2.2.1 |
||
apache http server 2.2.2 |
||
apache http server 2.2.3 |
||
apache http server 2.2.4 |
||
apache http server 2.2.6 |
||
apache http server 2.2.8 |
||
apache http server 2.2.9 |
||
apache http server 2.2.10 |
||
apache http server 2.2.11 |
||
apache http server 2.2.12 |
||
apache http server 2.2.13 |
||
apache http server 2.2.14 |
||
apache http server 2.2.15 |
||
apache http server 2.2.16 |
||
apache http server 2.2.18 |
||
apache http server 2.2.19 |
||
apache http server 2.2.20 |
||
apache http server 2.2.21 |