
CVE ID: CVE-2011-0419
Description: Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
Test IDs: 1.3.6.1.4.1.25623.1.0.69676   1.3.6.1.4.1.25623.1.0.69734   1.3.6.1.4.1.25623.1.0.69660   1.3.6.1.4.1.25623.1.0.69644   1.3.6.1.4.1.25623.1.0.69767   1.3.6.1.4.1.25623.1.0.69670   1.3.6.1.4.1.25623.1.0.69762   1.3.6.1.4.1.25623.1.0.69774   1.3.6.1.4.1.25623.1.0.69831   1.3.6.1.4.1.25623.1.0.69843   1.3.6.1.4.1.25623.1.0.69841   1.3.6.1.4.1.25623.1.0.69784   1.3.6.1.4.1.25623.1.0.70602   1.3.6.1.4.1.25623.1.0.70847   1.3.6.1.4.1.25623.1.0.802337   1.3.6.1.4.1.25623.1.0.71948   1.3.6.1.4.1.25623.1.0.122176   1.3.6.1.4.1.25623.1.0.831409   1.3.6.1.4.1.25623.1.0.880563   1.3.6.1.4.1.25623.1.0.880490   1.3.6.1.4.1.25623.1.0.881329   1.3.6.1.4.1.25623.1.0.881249   1.3.6.1.4.1.25623.1.0.870432   1.3.6.1.4.1.25623.1.0.880491   1.3.6.1.4.1.25623.1.0.840667   1.3.6.1.4.1.25623.1.0.880541   1.3.6.1.4.1.25623.1.0.881291   1.3.6.1.4.1.25623.1.0.881265   1.3.6.1.4.1.25623.1.0.870435   1.3.6.1.4.1.25623.1.0.831393   1.3.6.1.4.1.25623.1.0.831404  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2011-0419
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
Debian Security Information: DSA-2237
http://www.debian.org/security/2011/dsa-2237
HPdes Security Advisory: HPSBMU02704
http://marc.info/?l=bugtraq&m=132033751509019&w=2
HPdes Security Advisory: HPSBOV02822
http://marc.info/?l=bugtraq&m=134987041210674&w=2
HPdes Security Advisory: HPSBUX02702
http://marc.info/?l=bugtraq&m=131551295528105&w=2
HPdes Security Advisory: HPSBUX02707
http://marc.info/?l=bugtraq&m=131731002122529&w=2
HPdes Security Advisory: SSRT100606
http://marc.info/?l=bugtraq&m=131551295528105&w=2
HPdes Security Advisory: SSRT100619
http://marc.info/?l=bugtraq&m=132033751509019&w=2
HPdes Security Advisory: SSRT100626
http://marc.info/?l=bugtraq&m=131731002122529&w=2
HPdes Security Advisory: SSRT100966
http://marc.info/?l=bugtraq&m=134987041210674&w=2
http://www.mandriva.com/security/advisories?name=MDVSA-2011:084
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://cxib.net/stuff/apache.fnmatch.phps
http://cxib.net/stuff/apr_fnmatch.txts
http://www.mail-archive.com/dev@apr.apache.org/msg23961.html
http://www.mail-archive.com/dev@apr.apache.org/msg23960.html
http://www.mail-archive.com/dev@apr.apache.org/msg23976.html
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14638
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14804
RedHat Security Advisories: RHSA-2011:0507
http://www.redhat.com/support/errata/RHSA-2011-0507.html
RedHat Security Advisories: RHSA-2011:0896
http://www.redhat.com/support/errata/RHSA-2011-0896.html
RedHat Security Advisories: RHSA-2011:0897
http://www.redhat.com/support/errata/RHSA-2011-0897.html
http://securitytracker.com/id?1025527
http://secunia.com/advisories/44490
http://secunia.com/advisories/44564
http://secunia.com/advisories/44574
http://secunia.com/advisories/48308
http://securityreason.com/securityalert/8246
http://securityreason.com/achievement_securityalert/98
SuSE Security Announcement: SUSE-SU-2011:1229
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html



