CVE-2011-1928

Published: May 24, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.

Vendor: n/a
Product: n/a
Versions: n/a (affected)

References

RHSA-2011:0844 (vendor-advisory, x_refsource_REDHAT)
44661 (third-party-advisory, x_refsource_SECUNIA)
SSRT100966 (vendor-advisory, x_refsource_HP)
48308 (third-party-advisory, x_refsource_SECUNIA)
MDVSA-2011:095 (vendor-advisory, x_refsource_MANDRIVA)
ADV-2011-1289 (vdb-entry, x_refsource_VUPEN)
HPSBOV02822 (vendor-advisory, x_refsource_HP)
44613 (third-party-advisory, x_refsource_SECUNIA)
44780 (third-party-advisory, x_refsource_SECUNIA)
ADV-2011-1290 (vdb-entry, x_refsource_VUPEN)
44558 (third-party-advisory, x_refsource_SECUNIA)
SUSE-SU-2011:1229 (vendor-advisory, x_refsource_SUSE)
