Vulnerability CVE-2011-1928


Published: 2011-05-24   Modified: 2012-01-18

Description:
The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.

Type:

CWE-399

(Resource Management Errors)

Vendor: Apache
Product: Http server 
Version: 2.2.18;
Product: Apr-util 
Version: 1.4.4; 1.4.3;

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://mail-archives.apache.org/mod_mbox/www-announce/201105.mbox/%3c4DD55076.1060005@apache.org%3e
http://mail-archives.apache.org/mod_mbox/httpd-announce/201105.mbox/%3C4DD55092.3030403@apache.org%3E
https://issues.apache.org/bugzilla/show_bug.cgi?id=51219
http://www.vupen.com/english/advisories/2011/1290
http://www.vupen.com/english/advisories/2011/1289
http://www.redhat.com/support/errata/RHSA-2011-0844.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:095
http://secunia.com/advisories/44780
http://secunia.com/advisories/44661
http://secunia.com/advisories/44613
http://secunia.com/advisories/44558
http://openwall.com/lists/oss-security/2011/05/19/5
http://openwall.com/lists/oss-security/2011/05/19/10
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627182

Related CVE
CVE-2017-5659
Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding.
CVE-2016-5396
Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack.
CVE-2017-5650
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application ...
CVE-2017-5651
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to th...
CVE-2017-5647
A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file pr...
CVE-2017-5648
While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrus...
CVE-2016-6808
Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42.
CVE-2016-0779
The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object.

Copyright 2017, cxsecurity.com