Stack Consumption Vulnerability in Apache Portable Runtime and HTTP Server
CVE-2011-0419

Currently unrated

Key Information:

Vendor: Apache
CVE Published: 16 May 2011

Summary

A stack consumption vulnerability exists in the fnmatch function of the Apache Portable Runtime (APR) library and the Apache HTTP Server, as well as in the libc implementations of various operating systems, including NetBSD, OpenBSD, FreeBSD, Apple Mac OS X, Oracle Solaris, and Android. Context-dependent attackers can supply crafted input patterns, particularly sequences involving wildcards, to cause a denial of service through excessive CPU and memory usage. Such attacks may disrupt service availability by overwhelming the system's resources.

EPSS Score

25% chance of being exploited in the next 30 days.
