CVE-2011-0419

Currently unrated

Key Information:

Vendor: Apache
Status: Portable Runtime
Vendor: CVE Published:; 16 May 2011

Summary

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.

References

http://secunia.com/advisories/44574

third-party-advisoryx_refsource_SECUNIA

http://marc.info/?l=bugtraq&m=131731002122529&w=2

vendor-advisoryx_refsource_HP

http://marc.info/?l=bugtraq&m=134987041210674&w=2

vendor-advisoryx_refsource_HP

EPSS Score

96% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 16, 2011
Vulnerability Reserved
Jan 11, 2011