Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2011:0507
The remote host is missing updates announced in
advisory RHSA-2011:0507.

The Apache Portable Runtime (APR) is a portability library used by the
Apache HTTP Server and other projects. It provides a free library of C data
structures and routines.

It was discovered that the apr_fnmatch() function used an unconstrained
recursion when processing patterns with the '*' wildcard. An attacker could
use this flaw to cause an application using this function, which also
accepted untrusted input as a pattern for matching (such as an httpd server
using the mod_autoindex module), to exhaust all stack memory or use an
excessive amount of CPU time when performing matching. (CVE-2011-0419)

Red Hat would like to thank Maksymilian Arciemowicz for reporting this

All apr users should upgrade to these updated packages, which contain a
backported patch to correct this issue. Applications using the apr library,
such as httpd, must be restarted for this update to take effect.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : Medium

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-0419
Debian Security Information: DSA-2237 (Google Search)
HPdes Security Advisory: HPSBMU02704
HPdes Security Advisory: HPSBOV02822
HPdes Security Advisory: HPSBUX02702
HPdes Security Advisory: HPSBUX02707
HPdes Security Advisory: SSRT100606
HPdes Security Advisory: SSRT100619
HPdes Security Advisory: SSRT100626
HPdes Security Advisory: SSRT100966
SuSE Security Announcement: SUSE-SU-2011:1229 (Google Search)
CopyrightCopyright (c) 2011 E-Soft Inc.

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.