
CVE-2011-0419

Status Candidate

Overview

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.

Related Files

Gentoo Linux Security Advisory 201405-24
Posted May 19, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201405-24 - Memory consumption errors in Apache Portable Runtime and APR Utility Library could result in Denial of Service. Versions less than 1.4.8-r1 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2010-1623, CVE-2011-0419, CVE-2011-1928, CVE-2012-0840
MD5 | fd0511db59c5374e37aadfc393ba5acc
HP Security Bulletin HPSBOV02822 SSRT100966
Posted Oct 10, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV02822 SSRT100966 - Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, or unauthorized disclosure of information. Revision 1 of this advisory.

tags | advisory, web, denial of service, vulnerability
advisories | CVE-2011-0419, CVE-2011-1928, CVE-2011-3192, CVE-2011-3368, CVE-2011-3607, CVE-2011-4317, CVE-2012-0031
MD5 | e1f82d9a3ffa416c71546e93e67ab525
HP Security Bulletin HPSBMU02764 SSRT100827 2
Posted Apr 20, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02764 SSRT100827 2 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely and locally resulting in cross site request forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, and other vulnerabilities. Revision 2 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, csrf
systems | linux, windows
advisories | CVE-2009-0037, CVE-2010-0734, CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-2791, CVE-2010-3436, CVE-2010-4409, CVE-2010-4645, CVE-2011-0014, CVE-2011-0195, CVE-2011-0419, CVE-2011-1148, CVE-2011-1153, CVE-2011-1464, CVE-2011-1467, CVE-2011-1468, CVE-2011-1470, CVE-2011-1471, CVE-2011-1928, CVE-2011-1938, CVE-2011-1945, CVE-2011-2192, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3189, CVE-2011-3192
MD5 | aff846af673c7b44d692485afd250089
HP Security Bulletin HPSBMU02764 SSRT100827
Posted Apr 17, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02764 SSRT100827 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely and locally resulting in cross site request forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, csrf
systems | linux, windows
advisories | CVE-2009-0037, CVE-2010-0734, CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-2791, CVE-2010-3436, CVE-2010-4409, CVE-2010-4645, CVE-2011-0014, CVE-2011-0195, CVE-2011-0419, CVE-2011-1148, CVE-2011-1153, CVE-2011-1464, CVE-2011-1467, CVE-2011-1468, CVE-2011-1470, CVE-2011-1471, CVE-2011-1928, CVE-2011-1938, CVE-2011-1945, CVE-2011-2192, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3189, CVE-2011-3192
MD5 | 230e5876c2c2c77609e110526b8cc06b
HP Security Bulletin HPSBMU02704 SSRT100619
Posted Nov 3, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02704 SSRT100619 - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2011-0419, CVE-2011-3192, CVE-2011-3348
MD5 | b8fafe5b0cfd2480bdde62e8af7462f1
HP Security Bulletin HPSBUX02707 SSRT100626 2
Posted Oct 29, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02707 SSRT100626 2 - A potential security vulnerability has been identified with HP-UX Apache Web Server. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 2 of this advisory.

tags | advisory, web, denial of service
systems | hpux
advisories | CVE-2011-0419, CVE-2011-3192, CVE-2011-3348
MD5 | 1910a5f2a7b0b6a209e08b4728405fb8
HP Security Bulletin HPSBUX02702 SSRT100606 5
Posted Oct 29, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02702 SSRT100606 5 - Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS). Revision 5 of this advisory.

tags | advisory, web, denial of service, vulnerability
systems | hpux
advisories | CVE-2011-0419, CVE-2011-3192
MD5 | e7ec8f1355f27e267a2066b4c1a7893d
Apple Security Advisory 2011-10-12-3
Posted Oct 13, 2011
Authored by Apple | Site apple.com

Apple Security Advisory 2011-10-12-3 - OS X Lion has a security update available that addresses findings in Apache, a format string vulnerability in the Application Firewall, an arbitrary code execution vulnerability when viewing a malicious font via ATS, and 60+ other issues.

tags | advisory, arbitrary, code execution
systems | apple, osx
advisories | CVE-2009-4022, CVE-2010-0097, CVE-2010-1157, CVE-2010-1634, CVE-2010-2089, CVE-2010-2227, CVE-2010-3436, CVE-2010-3613, CVE-2010-3614, CVE-2010-3718, CVE-2010-4172, CVE-2010-4645, CVE-2011-0013, CVE-2011-0185, CVE-2011-0187, CVE-2011-0224, CVE-2011-0226, CVE-2011-0229, CVE-2011-0230, CVE-2011-0231, CVE-2011-0249, CVE-2011-0250, CVE-2011-0251, CVE-2011-0252, CVE-2011-0259, CVE-2011-0260, CVE-2011-0411, CVE-2011-0419
MD5 | 50a5772c2540863ea47a21c4c5193ca5
HP Security Bulletin HPSBUX02707 SSRT100626
Posted Sep 29, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02707 SSRT100626 - A potential security vulnerability has been identified with HP-UX Apache Web Server. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, web, denial of service
systems | hpux
advisories | CVE-2011-0419, CVE-2011-3192, CVE-2011-3348
MD5 | 8a678b484a05b954ab86372e530db32d
HP Security Bulletin HPSBUX02702 SSRT100606 4
Posted Sep 28, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02702 SSRT100606 4 - Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS). Revision 4 of this advisory.

tags | advisory, web, denial of service, vulnerability
systems | hpux
advisories | CVE-2011-0419, CVE-2011-3192
MD5 | efadb54cff94128a8a2ffa299823f98c
HP Security Bulletin HPSBUX02702 SSRT100606 2
Posted Sep 10, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02702 SSRT100606 2 - Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS). Revision 2 of this advisory.

tags | advisory, web, denial of service, vulnerability
systems | hpux
advisories | CVE-2011-0419, CVE-2011-3192
MD5 | b823ced998dbf9b88c13a03ba94e2fd9
HP Security Bulletin HPSBUX02702 SSRT100606
Posted Sep 9, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02702 SSRT100606 - A potential security vulnerability has been identified with HP-UX Apache Web Server. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, web, denial of service
systems | hpux
advisories | CVE-2011-0419, CVE-2011-3192
MD5 | 309c6672b97deaad039191c96879c5fc
Red Hat Security Advisory 2011-0897-01
Posted Jun 24, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0897-01 - JBoss Enterprise Web Server has been updated to mitigate multiple vulnerabilities such as cross site scripting, information leaks, and more.

tags | advisory, web, vulnerability, xss
systems | linux, redhat
advisories | CVE-2010-1157, CVE-2010-1452, CVE-2010-1623, CVE-2010-3718, CVE-2010-4172, CVE-2011-0013, CVE-2011-0419
MD5 | 9de54ad040c8eb936e10d927b269176f
Red Hat Security Advisory 2011-0896-01
Posted Jun 24, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0896-01 - JBoss Enterprise Web Server has been updated to mitigate multiple vulnerabilities such as cross site scripting, information leaks, and more.

tags | advisory, web, vulnerability, xss
systems | linux, redhat
advisories | CVE-2008-7270, CVE-2009-3245, CVE-2009-3560, CVE-2009-3720, CVE-2009-3767, CVE-2010-1157, CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-3718, CVE-2010-4172, CVE-2010-4180, CVE-2011-0013, CVE-2011-0419
MD5 | 5e2544d20fad08fc33f74eb54e65a77a
Ubuntu Security Notice USN-1134-1
Posted May 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1134-1 - Maksymilian Arciemowicz reported that a flaw in the fnmatch() implementation in the Apache Portable Runtime (APR) library could allow an attacker to cause a denial of service. This can be demonstrated in a remote denial of service attack against mod_autoindex in the Apache web server. It was discovered that the fix for CVE-2011-0419 introduced a different flaw in the fnmatch() implementation that could also result in a denial of service.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2011-0419, CVE-2011-1928
MD5 | 7640fe85831b9ec631f18a4b21a8ece4
Mandriva Linux Security Advisory 2011-095-1
Posted May 23, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-095 - It was discovered that the fix for CVE-2011-0419 under certain conditions could cause a denial-of-service attack in APR.

tags | advisory
systems | linux, mandriva
advisories | CVE-2011-0419, CVE-2011-1928
MD5 | d275ab912f5f2e4ebcf499cb9451c281
Debian Security Advisory 2237-2
Posted May 21, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2237-2 - The recent APR update DSA-2237-1 introduced a regression that could lead to an endless loop in the apr_fnmatch() function, causing a denial of service. This update fixes this problem.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2011-0419, CVE-2011-1928
MD5 | 7ac1117c6f245c7f34030cf9e8b7bea4
Debian Security Advisory 2237-1
Posted May 15, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2237-1 - A flaw was found in the APR library, which could be exploited through Apache HTTPD's mod_autoindex. If a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could be used in a denial of service attack.

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2011-0419
MD5 | 1cfce54efe35578d119ecd1b6dcf809f
Mandriva Linux Security Advisory 2011-084
Posted May 14, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-084 - It was discovered that the apr_fnmatch() function used an unconstrained recursion when processing patterns with the '*' wildcard. An attacker could use this flaw to cause an application using this function, which also accepted untrusted input as a pattern for matching (such as an httpd server using the mod_autoindex module), to exhaust all stack memory or use an excessive amount of CPU time when performing matching.

tags | advisory
systems | linux, mandriva
advisories | CVE-2011-0419
MD5 | aa1ad7c1e468eeb097ff04d4522220c5
libc/fnmatch(3) Denial Of Service
Posted May 13, 2011
Authored by Maksymilian Arciemowicz

Multiple vendors' libc/fnmatch(3) implementations suffer from a denial of service vulnerability. Affected software includes Apache 2.2.17, NetBSD 5.1, OpenBSD 4.8, FreeBSD, Mac OS X 10.6, and Sun Solaris 10. Apache proof of concept is included.

tags | exploit, denial of service, proof of concept
systems | linux, netbsd, solaris, freebsd, openbsd, apple, osx
advisories | CVE-2011-0419
MD5 | f3473d6423020b4e1327c5b4a2fc57fd

© 2020 Packet Storm. All rights reserved.
