Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2011-0419

Опубликовано: 16 мая 2011
Источник: nvd
CVSS2: 4.3
EPSS Средний

Описание

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*
Версия до 1.4.3 (исключая)
Конфигурация 2

Одно из

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
Версия от 2.0.0 (включая) до 2.0.65 (включая)
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
Версия от 2.2.0 (включая) до 2.2.18 (включая)
Конфигурация 3

Одно из

cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:5.1:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:4.8:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Конфигурация 5
cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*

EPSS

Процентиль: 98%
0.50389
Средний

4.3 Medium

CVSS2

Дефекты

CWE-770

Связанные уязвимости

ubuntu логотип

CVE-2011-0419

ubuntu
около 14 лет назад

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.

redhat логотип

CVE-2011-0419

redhat
около 14 лет назад

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.

debian логотип

CVE-2011-0419

debian
около 14 лет назад

Stack consumption vulnerability in the fnmatch implementation in apr_f ...

github логотип

GHSA-hx32-x2cq-h45v

github
около 3 лет назад

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.

oracle-oval логотип

ELSA-2011-0507

oracle-oval
около 14 лет назад

ELSA-2011-0507: apr security update (MODERATE)

EPSS

Процентиль: 98%
0.50389
Средний

4.3 Medium

CVSS2

Дефекты

CWE-770