Byte Open Security (ByteOS Network)

Vulnerability Details: CVE-2011-1928

Summary
Assigner: redhat (Assigner Org ID 53f830b8-0a3f-465b-8143-3b8a9948e749)
Published At: 24 May, 2011 | 23:00
Updated At: 06 Aug, 2024 | 22:46
Rejected At: -
Credits: -

The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.

Practitioner note: the loop is entered only when a URI fails to match a wildcard pattern, so one unauthenticated request for a non-matching path against an affected configuration is enough to drive the handling process into the loop; the impact is availability only (see the CVSS vector in the NVD section below). The fix shipped in APR 1.4.5 and Apache HTTP Server 2.2.19, announced in the May 2011 mailing-list posts referenced below. Distribution builds of httpd link against the system apr package, so the installed apr version, not the httpd version alone, determines exposure.
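The description says the loop fails to terminate only for input that does not match a wildcard pattern, which is the branch a glob matcher exercises least in ordinary testing. The following is an added example written for this page, not APR's apr_fnmatch() and not the code that was fixed: a minimal iterative matcher for `*`, `?` and literal bytes whose loop body moves a cursor forward on every path, so a non-matching URI such as `/app/index.html` against `/*/WEB-INF/` is rejected in a bounded number of steps instead of spinning. The `/*/WEB-INF/` pattern is the one named in the description; the sample URIs are constructed, and the `pathname` flag (which stops `*` and `?` from crossing `/`, modelled on the usual FNM_PATHNAME behaviour) and the `steps` counter are this example's own additions, not APR parameters.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/*
 * glob_match: iterative wildcard matcher for '*', '?' and literal bytes.
 * Added illustration for this page, not APR's apr_fnmatch().
 *
 * pathname: when true, '*' and '?' never match '/' (assumption modelled on
 *           the usual FNM_PATHNAME behaviour).
 * steps:    if non-NULL, receives the number of loop iterations so a caller
 *           can check the work stays within the bound stated below.
 *
 * Returns 1 on match, 0 on mismatch.
 *
 * Termination: every iteration either advances p (pattern cursor), advances
 * p and s together, or advances star_s (the next byte the last '*' will
 * swallow) and resets p. star_s only ever moves forward, and between two such
 * moves p can advance at most strlen(pat) times, so the loop runs at most
 * about (strlen(str) + 1) * (strlen(pat) + 1) iterations for any input,
 * matching or not.
 */
int glob_match(const char *pat, const char *str, bool pathname, unsigned long *steps)
{
    const char *p = pat;
    const char *s = str;
    const char *star_p = NULL;  /* pattern position just after the last '*' */
    const char *star_s = NULL;  /* subject position where that '*' began */
    unsigned long n = 0;

    for (;;) {
        n++;

        if (*s == '\0') {
            /* Subject exhausted: only trailing '*'s may remain in the pattern. */
            while (*p == '*')
                p++;
            if (steps)
                *steps = n;
            return *p == '\0';
        }

        if (*p == '*') {
            /* '*' first matches the empty string; remember where to backtrack. */
            star_p = ++p;
            star_s = s;
            continue;
        }

        if (*p != '\0' && (*p == *s || (*p == '?' && !(pathname && *s == '/')))) {
            p++;
            s++;
            continue;
        }

        /* Mismatch: let the most recent '*' swallow one more byte, unless that
         * byte is a '/' we may not cross or there is no '*' to return to.
         * star_s moves strictly forward here; that is what keeps the loop
         * bounded even when the subject never matches. */
        if (star_p != NULL && !(pathname && *star_s == '/')) {
            s = ++star_s;
            p = star_p;
            continue;
        }

        if (steps)
            *steps = n;
        return 0;
    }
}

/* Returns 1 if the matcher rejects uri and did so within the stated bound. */
int rejects_within_bound(const char *pat, const char *uri, bool pathname)
{
    unsigned long steps = 0;
    unsigned long bound = (strlen(uri) + 1) * (strlen(pat) + 1);
    int matched = glob_match(pat, uri, pathname, &steps);
    return matched == 0 && steps <= bound;
}

int main(void)
{
    /* Constructed sample URIs run against the pattern named in the advisory. */
    const char *pat = "/*/WEB-INF/";
    const char *uris[] = { "/app/WEB-INF/", "/a/b/WEB-INF/", "/app/index.html", "/" };
    size_t i;

    for (i = 0; i < sizeof uris / sizeof uris[0]; i++) {
        unsigned long steps = 0;
        int m = glob_match(pat, uris[i], true, &steps);
        printf("%-18s %s (%lu iterations)\n", uris[i], m ? "match" : "no match", steps);
    }
    return 0;
}
```

The point of the `steps` counter is the review check a practitioner wants for any backtracking matcher: feed it non-matching subjects, not just matching ones, and assert that the iteration count stays under the bound the termination argument promises.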

Common Vulnerabilities and Exposures (CVE) record (cve.org)
CVE Numbering Authority (CNA) container

Affected Products: vendor n/a, product n/a, affected versions n/a (the CNA record carries no structured product data; the NVD CPE matches below are the only machine-readable version information on this page)
Problem Types: none recorded (type text, CWE ID N/A, description n/a)
References (CNA)
  • http://www.redhat.com/support/errata/RHSA-2011-0844.html (vendor-advisory, x_refsource_REDHAT)
  • http://secunia.com/advisories/44661 (third-party-advisory, x_refsource_SECUNIA)
  • http://marc.info/?l=bugtraq&m=134987041210674&w=2 (vendor-advisory, x_refsource_HP; listed twice in the source record)
  • http://secunia.com/advisories/48308 (third-party-advisory, x_refsource_SECUNIA)
  • http://www.mandriva.com/security/advisories?name=MDVSA-2011:095 (vendor-advisory, x_refsource_MANDRIVA)
  • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627182 (x_refsource_CONFIRM)
  • http://www.vupen.com/english/advisories/2011/1289 (vdb-entry, x_refsource_VUPEN)
  • http://secunia.com/advisories/44613 (third-party-advisory, x_refsource_SECUNIA)
  • http://mail-archives.apache.org/mod_mbox/www-announce/201105.mbox/%3c4DD55076.1060005%40apache.org%3e (mailing-list, x_refsource_MLIST)
  • http://openwall.com/lists/oss-security/2011/05/19/5 (mailing-list, x_refsource_MLIST)
  • http://secunia.com/advisories/44780 (third-party-advisory, x_refsource_SECUNIA)
  • http://www.vupen.com/english/advisories/2011/1290 (vdb-entry, x_refsource_VUPEN)
  • http://secunia.com/advisories/44558 (third-party-advisory, x_refsource_SECUNIA)
  • http://openwall.com/lists/oss-security/2011/05/19/10 (mailing-list, x_refsource_MLIST)
  • http://mail-archives.apache.org/mod_mbox/httpd-announce/201105.mbox/%3C4DD55092.3030403%40apache.org%3E (mailing-list, x_refsource_MLIST)
  • https://issues.apache.org/bugzilla/show_bug.cgi?id=51219 (x_refsource_CONFIRM)
  • http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html (vendor-advisory, x_refsource_SUSE)
Authorized Data Publishers (ADP): CVE Program Container
Carries no affected-product, metric, impact, solution, workaround, exploit, credit or timeline data; its reference list is the CNA list above transferred verbatim (each entry tagged x_transferred).
National Vulnerability Database (NVD) record (nvd.nist.gov)
Source:secalert@redhat.com
Published At:24 May, 2011 | 23:55
Updated At:11 Apr, 2025 | 00:51

CISA Catalog: not listed (Date Added, Due Date, Vulnerability Name and Required Action all N/A)
Metrics
CVSS v2.0 (Primary): base score 4.3, base severity MEDIUM, vector AV:N/AC:M/Au:N/C:N/I:N/A:P (network access vector, medium access complexity, no authentication; no confidentiality or integrity impact, partial availability impact)
CPE Matches
  • cpe:2.3:a:apache:apr-util:1.4.3:*:*:*:*:*:*:* (The Apache Software Foundation, apr-util 1.4.3)
  • cpe:2.3:a:apache:apr-util:1.4.4:*:*:*:*:*:*:* (The Apache Software Foundation, apr-util 1.4.4)
  • cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:* (The Apache Software Foundation, http_server 2.2.18)

Caveat: the two library CPEs name apr-util, but apr_fnmatch.c is part of APR itself and the description attributes the bug to APR 1.4.3 and 1.4.4. When matching inventory against this record, check the installed apr package version as well as apr-util, and do not treat a non-matching apr-util version as proof that a host is unaffected.
Weaknesses
CWE-399 Resource Management Errors (Primary; source nvd@nist.gov)
References (NVD)
Listed under both sources, secalert@redhat.com and af854a3a-2127-422b-91ae-364da2661108, with identical URLs and resource tags:
  • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627182
  • http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
  • http://mail-archives.apache.org/mod_mbox/httpd-announce/201105.mbox/%3C4DD55092.3030403%40apache.org%3E
  • http://mail-archives.apache.org/mod_mbox/www-announce/201105.mbox/%3c4DD55076.1060005%40apache.org%3e
  • http://marc.info/?l=bugtraq&m=134987041210674&w=2 (listed twice in the source record)
  • http://openwall.com/lists/oss-security/2011/05/19/10
  • http://openwall.com/lists/oss-security/2011/05/19/5
  • http://secunia.com/advisories/44558 (Vendor Advisory)
  • http://secunia.com/advisories/44613
  • http://secunia.com/advisories/44661 (Vendor Advisory)
  • http://secunia.com/advisories/44780
  • http://secunia.com/advisories/48308
  • http://www.mandriva.com/security/advisories?name=MDVSA-2011:095
  • http://www.redhat.com/support/errata/RHSA-2011-0844.html
  • http://www.vupen.com/english/advisories/2011/1289 (Vendor Advisory)
  • http://www.vupen.com/english/advisories/2011/1290 (Vendor Advisory)
  • https://issues.apache.org/bugzilla/show_bug.cgi?id=51219


Similar CVEs (63 records found; first page shown)
  • CVE-2014-0117 (Assigner Red Hat, Inc.; CVSS 4.3 MEDIUM; EPSS 52.56% / 97.85%; published 20 Jul, 2014; CWE-20 Improper Input Validation): The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.
  • CVE-2014-0032 (Assigner Red Hat, Inc.; CVSS 4.3 MEDIUM; EPSS 28.01% / 96.29%; published 14 Feb, 2014; CWE-20 Improper Input Validation): The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls http://svn.example.com" command.
  • CVE-2021-27906 (Assigner Apache Software Foundation; CVSS 5.5 MEDIUM; EPSS 0.33% / 55.38%; published 19 Mar, 2021; CWE-789 Memory Allocation with Excessive Size Value): A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
  • CVE-2019-12406 (Assigner Apache Software Foundation; CVSS 6.5 MEDIUM; EPSS 2.07% / 83.22%; published 06 Nov, 2019; CWE-770 Allocation of Resources Without Limits or Throttling): Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3.2.11 releases, a default limit of 50 message attachments is enforced. This is configurable via the message property "attachment-max-count".
  • CVE-2019-10093 (Assigner Apache Software Foundation; CVSS 6.5 MEDIUM; EPSS 1.45% / 79.98%; published 02 Aug, 2019; CWE-770 Allocation of Resources Without Limits or Throttling): In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later.
  • CVE-2018-8017 (Assigner Apache Software Foundation; CVSS 5.5 MEDIUM; EPSS 3.65% / 87.39%; published 19 Sep, 2018; CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')): In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser.
  • CVE-2018-1324 (Assigner Apache Software Foundation; CVSS 5.5 MEDIUM; EPSS 0.28% / 51.01%; published 16 Mar, 2018; CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')): A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.
  • CVE-2011-3348 (Assigner Red Hat, Inc.; CVSS 4.3 MEDIUM; EPSS 51.26% / 97.79%; published 19 Sep, 2011; CWE-400 Uncontrolled Resource Consumption): The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
  • CVE-2021-45105 (Assigner Apache Software Foundation; CVSS 5.9 MEDIUM; EPSS 72.11% / 98.69%; published 18 Dec, 2021; CWE-674 Uncontrolled Recursion, CWE-20 Improper Input Validation): Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
  • CVE-2020-27223 (Assigner Eclipse Foundation; CVSS 5.2 MEDIUM; EPSS 28.07% / 96.29%; published 26 Feb, 2021; CWE-407 Inefficient Algorithmic Complexity, CWE-400 Uncontrolled Resource Consumption): In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of "quality" (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.
  • CVE-2015-5262 (Assigner Red Hat, Inc.; CVSS 4.3 MEDIUM; EPSS 0.95% / 75.39%; published 27 Oct, 2015): http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.
  • CVE-2021-27807 (Assigner Apache Software Foundation; CVSS 5.5 MEDIUM; EPSS 0.33% / 55.38%; published 19 Mar, 2021; CWE-834 Excessive Iteration): A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
  • CVE-2013-4352 (Assigner Red Hat, Inc.; CVSS 4.3 MEDIUM; EPSS 18.05% / 94.91%; published 20 Jul, 2014): The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostname value.