CVE - CVE-2011-1928

CVE-ID
CVE-2011-1928	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MLIST:[httpd-announce] 20110519 Regressions in httpd 2.2.18, apr 1.4.4, and apr-util 1.3.11 URL:http://mail-archives.apache.org/mod_mbox/httpd-announce/201105.mbox/%3C4DD55092.3030403@apache.org%3E MLIST:[oss-security] 20110519 CVE request: DoS in apr due to CVE-2011-0419 fix URL:http://openwall.com/lists/oss-security/2011/05/19/5 MLIST:[oss-security] 20110519 Re: CVE request: DoS in apr due to CVE-2011-0419 fix URL:http://openwall.com/lists/oss-security/2011/05/19/10 MLIST:[www-announce] 20110519 Regressions in httpd 2.2.18, apr 1.4.4, and apr-util 1.3.11 URL:http://mail-archives.apache.org/mod_mbox/www-announce/201105.mbox/%3c4DD55076.1060005@apache.org%3e CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627182 CONFIRM:https://issues.apache.org/bugzilla/show_bug.cgi?id=51219 HP:HPSBOV02822 URL:http://marc.info/?l=bugtraq&m=134987041210674&w=2 HP:SSRT100966 URL:http://marc.info/?l=bugtraq&m=134987041210674&w=2 MANDRIVA:MDVSA-2011:095 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:095 REDHAT:RHSA-2011:0844 URL:http://www.redhat.com/support/errata/RHSA-2011-0844.html SUSE:SUSE-SU-2011:1229 URL:http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html SECUNIA:44558 URL:http://secunia.com/advisories/44558 SECUNIA:44661 URL:http://secunia.com/advisories/44661 SECUNIA:44780 URL:http://secunia.com/advisories/44780 SECUNIA:44613 URL:http://secunia.com/advisories/44613 SECUNIA:48308 URL:http://secunia.com/advisories/48308 VUPEN:ADV-2011-1289 URL:http://www.vupen.com/english/advisories/2011/1289 VUPEN:ADV-2011-1290 URL:http://www.vupen.com/english/advisories/2011/1290
Assigning CNA
N/A
Date Entry Created
20110509	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20110509)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org