CVE - CVE-2011-1928

CVE-ID
CVE-2011-1928	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:44558 URL:http://secunia.com/advisories/44558 MISC:44613 URL:http://secunia.com/advisories/44613 MISC:44661 URL:http://secunia.com/advisories/44661 MISC:44780 URL:http://secunia.com/advisories/44780 MISC:48308 URL:http://secunia.com/advisories/48308 MISC:ADV-2011-1289 URL:~~http://www.vupen.com/english/advisories/2011/1289~~ (Obsolete source) MISC:ADV-2011-1290 URL:~~http://www.vupen.com/english/advisories/2011/1290~~ (Obsolete source) MISC:HPSBOV02822 URL:http://marc.info/?l=bugtraq&m=134987041210674&w=2 MISC:MDVSA-2011:095 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2011:095~~ (Obsolete source) MISC:RHSA-2011:0844 URL:http://www.redhat.com/support/errata/RHSA-2011-0844.html MISC:SSRT100966 URL:http://marc.info/?l=bugtraq&m=134987041210674&w=2 MISC:SUSE-SU-2011:1229 URL:http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html MISC:[httpd-announce] 20110519 Regressions in httpd 2.2.18, apr 1.4.4, and apr-util 1.3.11 URL:http://mail-archives.apache.org/mod_mbox/httpd-announce/201105.mbox/%3C4DD55092.3030403%40apache.org%3E MISC:[oss-security] 20110519 CVE request: DoS in apr due to CVE-2011-0419 fix URL:http://openwall.com/lists/oss-security/2011/05/19/5 MISC:[oss-security] 20110519 Re: CVE request: DoS in apr due to CVE-2011-0419 fix URL:http://openwall.com/lists/oss-security/2011/05/19/10 MISC:[www-announce] 20110519 Regressions in httpd 2.2.18, apr 1.4.4, and apr-util 1.3.11 URL:http://mail-archives.apache.org/mod_mbox/www-announce/201105.mbox/%3c4DD55076.1060005%40apache.org%3e MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627182 URL:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627182 MISC:https://issues.apache.org/bugzilla/show_bug.cgi?id=51219 URL:https://issues.apache.org/bugzilla/show_bug.cgi?id=51219
Assigning CNA
Red Hat, Inc.
Date Record Created
20110509	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20110509)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)