
Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2011:0844
The remote host is missing updates announced in
advisory RHSA-2011:0844.

The Apache Portable Runtime (APR) is a portability library used by the
Apache HTTP Server and other projects. It provides a free library of C data
structures and routines.

The fix for CVE-2011-0419 (released via RHSA-2011:0507) introduced an
infinite loop flaw in the apr_fnmatch() function when the APR_FNM_PATHNAME
matching flag was used. A remote attacker could possibly use this flaw to
cause a denial of service on an application using the apr_fnmatch()
function. (CVE-2011-1928)

Note: This problem affected httpd configurations using the Location
directive with wildcard URLs. The denial of service could have been
triggered during normal operation; it did not specifically require a
malicious HTTP request.

This update also addresses additional problems introduced by the rewrite of
the apr_fnmatch() function, which was necessary to address the
CVE-2011-0419 flaw.

All apr users should upgrade to these updated packages, which contain a
backported patch to correct this issue. Applications using the apr library,
such as httpd, must be restarted for this update to take effect.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : Medium

CVSS Score:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2011-1928
HPdes Security Advisory: HPSBOV02822
HPdes Security Advisory: SSRT100966
SuSE Security Announcement: SUSE-SU-2011:1229
Common Vulnerability Exposure (CVE) ID: CVE-2011-0419
Debian Security Information: DSA-2237
HPdes Security Advisory: HPSBMU02704
HPdes Security Advisory: HPSBUX02702
HPdes Security Advisory: HPSBUX02707
HPdes Security Advisory: SSRT100606
HPdes Security Advisory: SSRT100619
HPdes Security Advisory: SSRT100626
Copyright: Copyright (c) 2011 E-Soft Inc.


© 1998-2021 E-Soft Inc. All rights reserved.