Denial of Service Vulnerability in Apache HTTP Server and Apache Portable Runtime
CVE-2011-1928
Currently unrated
Summary
The fnmatch implementation in the Apache Portable Runtime (APR) library versions 1.4.3 and 1.4.4, and in Apache HTTP Server 2.2.18, is susceptible to a denial of service attack. Malicious users may exploit this vulnerability by sending URIs that do not match certain wildcard patterns, which sends the matching code into an infinite loop. The issue results from an inadequate fix for a prior vulnerability, which reinforces the importance of comprehensive testing and security validation in software development.
EPSS Score
14% chance of being exploited in the next 30 days.