what you don't know can hurt you
Showing 1 - 9 of 9 RSS Feed

CVE-2011-1928

Status Candidate

Overview

The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.

Related Files

Gentoo Linux Security Advisory 201405-24
Posted May 19, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201405-24 - Memory consumption errors in Apache Portable Runtime and APR Utility Library could result in Denial of Service. Versions less than 1.4.8-r1 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2010-1623, CVE-2011-0419, CVE-2011-1928, CVE-2012-0840
MD5 | fd0511db59c5374e37aadfc393ba5acc
HP Security Bulletin HPSBOV02822 SSRT100966
Posted Oct 10, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV02822 SSRT100966 - Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, or unauthorized disclosure of information. Revision 1 of this advisory.

tags | advisory, web, denial of service, vulnerability
advisories | CVE-2011-0419, CVE-2011-1928, CVE-2011-3192, CVE-2011-3368, CVE-2011-3607, CVE-2011-4317, CVE-2012-0031
MD5 | e1f82d9a3ffa416c71546e93e67ab525
HP Security Bulletin HPSBMU02764 SSRT100827 2
Posted Apr 20, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02764 SSRT100827 2 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely and locally resulting in cross site request forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, and other vulnerabilities. Revision 2 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, csrf
systems | linux, windows
advisories | CVE-2009-0037, CVE-2010-0734, CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-2791, CVE-2010-3436, CVE-2010-4409, CVE-2010-4645, CVE-2011-0014, CVE-2011-0195, CVE-2011-0419, CVE-2011-1148, CVE-2011-1153, CVE-2011-1464, CVE-2011-1467, CVE-2011-1468, CVE-2011-1470, CVE-2011-1471, CVE-2011-1928, CVE-2011-1938, CVE-2011-1945, CVE-2011-2192, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3189, CVE-2011-3192
MD5 | aff846af673c7b44d692485afd250089
HP Security Bulletin HPSBMU02764 SSRT100827
Posted Apr 17, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02764 SSRT100827 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely and locally resulting in cross site request forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, csrf
systems | linux, windows
advisories | CVE-2009-0037, CVE-2010-0734, CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-2791, CVE-2010-3436, CVE-2010-4409, CVE-2010-4645, CVE-2011-0014, CVE-2011-0195, CVE-2011-0419, CVE-2011-1148, CVE-2011-1153, CVE-2011-1464, CVE-2011-1467, CVE-2011-1468, CVE-2011-1470, CVE-2011-1471, CVE-2011-1928, CVE-2011-1938, CVE-2011-1945, CVE-2011-2192, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3189, CVE-2011-3192
MD5 | 230e5876c2c2c77609e110526b8cc06b
Red Hat Security Advisory 2011-0844-01
Posted Jun 1, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0844-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. The fix for CVE-2011-0419 introduced an infinite loop flaw in the apr_fnmatch() function when the APR_FNM_PATHNAME matching flag was used. A remote attacker could possibly use this flaw to cause a denial of service on an application using the apr_fnmatch() function. Note: This problem affected httpd configurations using the "Location" directive with wildcard URLs. The denial of service could have been triggered during normal operation; it did not specifically require a malicious HTTP request. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, redhat
advisories | CVE-2011-1928
MD5 | c0a2ce41f3ce118688f2b143c0c909ee
Ubuntu Security Notice USN-1134-1
Posted May 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1134-1 - Maksymilian Arciemowicz reported that a flaw in the fnmatch() implementation in the Apache Portable Runtime (APR) library could allow an attacker to cause a denial of service. This can be demonstrated in a remote denial of service attack against mod_autoindex in the Apache web server. Is was discovered that the fix for CVE-2011-0419 introduced a different flaw in the fnmatch() implementation that could also result in a denial of service.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2011-0419, CVE-2011-1928
MD5 | 7640fe85831b9ec631f18a4b21a8ece4
Mandriva Linux Security Advisory 2011-095-1
Posted May 23, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-095 - It was discovered that the fix for CVE-2011-0419 under certain conditions could cause a denial-of-service attack in APR.

tags | advisory
systems | linux, mandriva
advisories | CVE-2011-0419, CVE-2011-1928
MD5 | d275ab912f5f2e4ebcf499cb9451c281
Debian Security Advisory 2237-2
Posted May 21, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2237-2 - The recent APR update DSA-2237-1 introduced a regression that could lead to an endless loop in the apr_fnmatch() function, causing a denial of service. This update fixes this problem.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2011-0419, CVE-2011-1928
MD5 | 7ac1117c6f245c7f34030cf9e8b7bea4
Mandriva Linux Security Advisory 2011-095
Posted May 20, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-095 - It was discovered that the fix for under certain conditions could cause a denial-of-service attack in APR.

tags | advisory
systems | linux, mandriva
advisories | CVE-2011-1928
MD5 | 3ddb82c75da0ce9811331ca51dc22f44
Page 1 of 1
Back1Next

File Archive:

November 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    19 Files
  • 2
    Nov 2nd
    25 Files
  • 3
    Nov 3rd
    8 Files
  • 4
    Nov 4th
    7 Files
  • 5
    Nov 5th
    24 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    0 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    106 Files
  • 11
    Nov 11th
    19 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    18 Files
  • 16
    Nov 16th
    12 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    12 Files
  • 19
    Nov 19th
    4 Files
  • 20
    Nov 20th
    2 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    14 Files
  • 24
    Nov 24th
    19 Files
  • 25
    Nov 25th
    4 Files
  • 26
    Nov 26th
    1 Files
  • 27
    Nov 27th
    4 Files
  • 28
    Nov 28th
    1 Files
  • 29
    Nov 29th
    11 Files
  • 30
    Nov 30th
    7 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close