ByteOS Network

CVE Vulnerability Details :

CVE-2011-0419

PUBLISHED

More Info Official Page

Assigner-certcc

Assigner Org ID-37e5125f-f79b-445b-8fad-9564f167944b

Published At-16 May, 2011 | 17:00

Updated At-06 Aug, 2024 | 21:51

▼CVE Numbering Authority (CNA)

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

References

Hyperlink	Resource
http://secunia.com/advisories/44574	third-party-advisory x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=131731002122529&w=2	vendor-advisory x_refsource_HP
http://marc.info/?l=bugtraq&m=134987041210674&w=2	vendor-advisory x_refsource_HP
http://www.mail-archive.com/dev%40apr.apache.org/msg23976.html	mailing-list x_refsource_MLIST
http://secunia.com/advisories/48308	third-party-advisory x_refsource_SECUNIA
http://securityreason.com/achievement_securityalert/98	third-party-advisory x_refsource_SREASONRES
http://marc.info/?l=bugtraq&m=131551295528105&w=2	vendor-advisory x_refsource_HP
http://marc.info/?l=bugtraq&m=134987041210674&w=2	vendor-advisory x_refsource_HP
http://marc.info/?l=bugtraq&m=132033751509019&w=2	vendor-advisory x_refsource_HP
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14804	vdb-entry signature x_refsource_OVAL
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html	x_refsource_CONFIRM
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22	x_refsource_CONFIRM
http://cxib.net/stuff/apr_fnmatch.txts	x_refsource_MISC
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14638	vdb-entry signature x_refsource_OVAL
http://securitytracker.com/id?1025527	vdb-entry x_refsource_SECTRACK
http://svn.apache.org/viewvc?view=revision&revision=1098188	x_refsource_CONFIRM
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fnmatch.c#rev1.15	x_refsource_CONFIRM
http://www.apache.org/dist/apr/CHANGES-APR-1.4	x_refsource_CONFIRM
http://www.apache.org/dist/apr/Announcement1.x.html	x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1098799	x_refsource_CONFIRM
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html	vendor-advisory x_refsource_APPLE
http://httpd.apache.org/security/vulnerabilities_22.html	x_refsource_CONFIRM
http://svn.apache.org/viewvc/apr/apr/branches/1.4.x/strings/apr_fnmatch.c?r1=731029&r2=1098902	x_refsource_CONFIRM
http://securityreason.com/securityalert/8246	third-party-advisory x_refsource_SREASON
http://www.debian.org/security/2011/dsa-2237	vendor-advisory x_refsource_DEBIAN
http://www.redhat.com/support/errata/RHSA-2011-0897.html	vendor-advisory x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=703390	x_refsource_CONFIRM
http://secunia.com/advisories/44564	third-party-advisory x_refsource_SECUNIA
http://www.apache.org/dist/httpd/Announcement2.2.html	x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=131731002122529&w=2	vendor-advisory x_refsource_HP
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html	x_refsource_CONFIRM
http://secunia.com/advisories/44490	third-party-advisory x_refsource_SECUNIA
http://cxib.net/stuff/apache.fnmatch.phps	x_refsource_MISC
http://www.redhat.com/support/errata/RHSA-2011-0896.html	vendor-advisory x_refsource_REDHAT
http://support.apple.com/kb/HT5002	x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2011:084	vendor-advisory x_refsource_MANDRIVA
http://www.mail-archive.com/dev%40apr.apache.org/msg23961.html	mailing-list x_refsource_MLIST
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150	vendor-advisory x_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2011-0507.html	vendor-advisory x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html	vendor-advisory x_refsource_SUSE
http://marc.info/?l=bugtraq&m=132033751509019&w=2	vendor-advisory x_refsource_HP
http://marc.info/?l=bugtraq&m=131551295528105&w=2	vendor-advisory x_refsource_HP
http://www.mail-archive.com/dev%40apr.apache.org/msg23960.html	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://secunia.com/advisories/44574	third-party-advisory x_refsource_SECUNIA x_transferred
http://marc.info/?l=bugtraq&m=131731002122529&w=2	vendor-advisory x_refsource_HP x_transferred
http://marc.info/?l=bugtraq&m=134987041210674&w=2	vendor-advisory x_refsource_HP x_transferred
http://www.mail-archive.com/dev%40apr.apache.org/msg23976.html	mailing-list x_refsource_MLIST x_transferred
http://secunia.com/advisories/48308	third-party-advisory x_refsource_SECUNIA x_transferred
http://securityreason.com/achievement_securityalert/98	third-party-advisory x_refsource_SREASONRES x_transferred
http://marc.info/?l=bugtraq&m=131551295528105&w=2	vendor-advisory x_refsource_HP x_transferred
http://marc.info/?l=bugtraq&m=134987041210674&w=2	vendor-advisory x_refsource_HP x_transferred
http://marc.info/?l=bugtraq&m=132033751509019&w=2	vendor-advisory x_refsource_HP x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14804	vdb-entry signature x_refsource_OVAL x_transferred
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html	x_refsource_CONFIRM x_transferred
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22	x_refsource_CONFIRM x_transferred
http://cxib.net/stuff/apr_fnmatch.txts	x_refsource_MISC x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14638	vdb-entry signature x_refsource_OVAL x_transferred
http://securitytracker.com/id?1025527	vdb-entry x_refsource_SECTRACK x_transferred
http://svn.apache.org/viewvc?view=revision&revision=1098188	x_refsource_CONFIRM x_transferred
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fnmatch.c#rev1.15	x_refsource_CONFIRM x_transferred
http://www.apache.org/dist/apr/CHANGES-APR-1.4	x_refsource_CONFIRM x_transferred
http://www.apache.org/dist/apr/Announcement1.x.html	x_refsource_CONFIRM x_transferred
http://svn.apache.org/viewvc?view=revision&revision=1098799	x_refsource_CONFIRM x_transferred
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html	vendor-advisory x_refsource_APPLE x_transferred
http://httpd.apache.org/security/vulnerabilities_22.html	x_refsource_CONFIRM x_transferred
http://svn.apache.org/viewvc/apr/apr/branches/1.4.x/strings/apr_fnmatch.c?r1=731029&r2=1098902	x_refsource_CONFIRM x_transferred
http://securityreason.com/securityalert/8246	third-party-advisory x_refsource_SREASON x_transferred
http://www.debian.org/security/2011/dsa-2237	vendor-advisory x_refsource_DEBIAN x_transferred
http://www.redhat.com/support/errata/RHSA-2011-0897.html	vendor-advisory x_refsource_REDHAT x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=703390	x_refsource_CONFIRM x_transferred
http://secunia.com/advisories/44564	third-party-advisory x_refsource_SECUNIA x_transferred
http://www.apache.org/dist/httpd/Announcement2.2.html	x_refsource_CONFIRM x_transferred
http://marc.info/?l=bugtraq&m=131731002122529&w=2	vendor-advisory x_refsource_HP x_transferred
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html	x_refsource_CONFIRM x_transferred
http://secunia.com/advisories/44490	third-party-advisory x_refsource_SECUNIA x_transferred
http://cxib.net/stuff/apache.fnmatch.phps	x_refsource_MISC x_transferred
http://www.redhat.com/support/errata/RHSA-2011-0896.html	vendor-advisory x_refsource_REDHAT x_transferred
http://support.apple.com/kb/HT5002	x_refsource_CONFIRM x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2011:084	vendor-advisory x_refsource_MANDRIVA x_transferred
http://www.mail-archive.com/dev%40apr.apache.org/msg23961.html	mailing-list x_refsource_MLIST x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150	vendor-advisory x_refsource_MANDRIVA x_transferred
http://www.redhat.com/support/errata/RHSA-2011-0507.html	vendor-advisory x_refsource_REDHAT x_transferred
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html	vendor-advisory x_refsource_SUSE x_transferred
http://marc.info/?l=bugtraq&m=132033751509019&w=2	vendor-advisory x_refsource_HP x_transferred
http://marc.info/?l=bugtraq&m=131551295528105&w=2	vendor-advisory x_refsource_HP x_transferred
http://www.mail-archive.com/dev%40apr.apache.org/msg23960.html	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E	mailing-list x_refsource_MLIST x_transferred

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References