CVE-2011-0419

MEDIUM

Description

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.

References

http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22

http://cxib.net/stuff/apache.fnmatch.phps

http://cxib.net/stuff/apr_fnmatch.txts

http://httpd.apache.org/security/vulnerabilities_22.html

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html

http://marc.info/?l=bugtraq&m=131551295528105&w=2

http://marc.info/?l=bugtraq&m=131731002122529&w=2

http://marc.info/?l=bugtraq&m=132033751509019&w=2

http://marc.info/?l=bugtraq&m=134987041210674&w=2

http://secunia.com/advisories/44490

http://secunia.com/advisories/44564

http://secunia.com/advisories/44574

http://secunia.com/advisories/48308

http://securityreason.com/achievement_securityalert/98

http://securityreason.com/securityalert/8246

http://securitytracker.com/id?1025527

http://support.apple.com/kb/HT5002

http://svn.apache.org/viewvc/apr/apr/branches/1.4.x/strings/apr_fnmatch.c?r1=731029&r2=1098902

http://svn.apache.org/viewvc?view=revision&revision=1098188

http://svn.apache.org/viewvc?view=revision&revision=1098799

http://www.apache.org/dist/apr/Announcement1.x.html

http://www.apache.org/dist/apr/CHANGES-APR-1.4

http://www.apache.org/dist/httpd/Announcement2.2.html

http://www.debian.org/security/2011/dsa-2237

http://www.mail-archive.com/[email protected]/msg23960.html

http://www.mail-archive.com/[email protected]/msg23961.html

http://www.mail-archive.com/[email protected]/msg23976.html

http://www.mandriva.com/security/advisories?name=MDVSA-2011:084

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fnmatch.c#rev1.15

http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html

http://www.redhat.com/support/errata/RHSA-2011-0507.html

http://www.redhat.com/support/errata/RHSA-2011-0896.html

http://www.redhat.com/support/errata/RHSA-2011-0897.html

https://bugzilla.redhat.com/show_bug.cgi?id=703390

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332[email protected]%3Ccvs.httpd.apache.org%3E

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14638

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14804

Details

Source: MITRE

Published: 2011-05-16

Updated: 2021-03-30

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apache:portable_runtime:0.9.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.2-dev:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.3-dev:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.7-dev:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.16-dev:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.4-dev:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.6-dev:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:* versions up to 1.4.2 (inclusive)

Configuration 2

OR

cpe:2.3:a:apache:http_server:0.8.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:0.8.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.2.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.2.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.2.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.2.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.30:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.31:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.32:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.33:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.34:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.35:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.36:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.37:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.38:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.39:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.41:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.42:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.65:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.68:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.99:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.32:beta:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.34:beta:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.56:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.60:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.61:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.63:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.1.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.1.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.1.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.1.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.1.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.1.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.1.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* versions up to 2.2.17 (inclusive)

Configuration 3

OR

cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

cpe:2.3:o:netbsd:netbsd:5.1:*:*:*:*:*:*:*

cpe:2.3:o:openbsd:openbsd:4.8:*:*:*:*:*:*:*

cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*

Tenable Plugins

ID | Name | Product | Family | Severity
108114 | Solaris 10 (x86) : 147714-01 | Nessus | Solaris Local Security Checks | medium
107622 | Solaris 10 (sparc) : 147713-01 | Nessus | Solaris Local Security Checks | medium
80108 | F5 Networks BIG-IP : Apache vulnerability (SOL15920) | Nessus | F5 Networks Local Security Checks | medium
77326 | Juniper NSM < 2012.2R9 Multiple Java and Apache Vulnerabilities (JSA10642) | Nessus | Misc. | critical
75785 | openSUSE Security Update : apache2 (openSUSE-SU-2011:0859-1) | Nessus | SuSE Local Security Checks | medium
75424 | openSUSE Security Update : apache2 (openSUSE-SU-2011:0859-1) | Nessus | SuSE Local Security Checks | medium
74066 | GLSA-201405-24 : Apache Portable Runtime, APR Utility Library: Denial of Service | Nessus | Gentoo Local Security Checks | medium
69301 | Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities | Nessus | Web Servers | critical
68284 | Oracle Linux 4 / 5 / 6 : apr (ELSA-2011-0844) | Nessus | Oracle Linux Local Security Checks | medium
68275 | Oracle Linux 4 / 5 / 6 : apr (ELSA-2011-0507) | Nessus | Oracle Linux Local Security Checks | medium
61053 | Scientific Linux Security Update : apr on SL6.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium
61036 | Scientific Linux Security Update : apr on SL4.x, SL5.x, SL6.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium
58811 | HP System Management Homepage < 7.0 Multiple Vulnerabilities | Nessus | Web Servers | critical
57215 | SuSE 10 Security Update : libapr1 (ZYPP Patch Number 7610) | Nessus | SuSE Local Security Checks | medium
56805 | FreeBSD : Apache APR -- DoS vulnerabilities (38560d79-0e42-11e1-902b-20cf30e32f6d) | Nessus | FreeBSD Local Security Checks | medium
56481 | Mac OS X Multiple Vulnerabilities (Security Update 2011-006) | Nessus | MacOS X Local Security Checks | critical
55566 | SuSE 10 Security Update : libapr (ZYPP Patch Number 7611) | Nessus | SuSE Local Security Checks | medium
55564 | SuSE 11.1 Security Update : libapr (SAT Patch Number 4845) | Nessus | SuSE Local Security Checks | medium
55563 | SuSE 11.1 Security Update : libapr (SAT Patch Number 4845) | Nessus | SuSE Local Security Checks | medium
55095 | Ubuntu 6.06 LTS / 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : apache2, apr vulnerabilities (USN-1134-1) | Nessus | Ubuntu Local Security Checks | medium
54958 | Fedora 13 : apr-1.4.5-1.fc13 (2011-7340) | Nessus | Fedora Local Security Checks | medium
54957 | Fedora 14 : apr-1.4.5-1.fc14 (2011-6918) | Nessus | Fedora Local Security Checks | medium
54944 | Fedora 15 : apr-1.4.5-1.fc15 (2011-6750) | Nessus | Fedora Local Security Checks | medium
54938 | CentOS 4 / 5 : apr (CESA-2011:0844) | Nessus | CentOS Local Security Checks | medium
54932 | RHEL 4 / 5 / 6 : apr (RHSA-2011:0844) | Nessus | Red Hat Local Security Checks | medium
54623 | FreeBSD : Apache APR -- DoS vulnerabilities (99a5590c-857e-11e0-96b7-00300582f9fc) | Nessus | FreeBSD Local Security Checks | medium
53908 | Mandriva Linux Security Advisory : apr (MDVSA-2011:084) | Nessus | Mandriva Local Security Checks | medium
53905 | FreeBSD : Apache APR -- DoS vulnerabilities (00b296b6-7db1-11e0-96b7-00300582f9fc) | Nessus | FreeBSD Local Security Checks | medium
53900 | Debian DSA-2237-1 : apr - denial of service | Nessus | Debian Local Security Checks | medium
53898 | Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : apr/apr-util (SSA:2011-133-01) | Nessus | Slackware Local Security Checks | medium
53896 | Apache 2.2.x < 2.2.18 APR apr_fnmatch DoS | Nessus | Web Servers | medium
53874 | RHEL 4 / 5 / 6 : apr (RHSA-2011:0507) | Nessus | Red Hat Local Security Checks | medium
53872 | CentOS 4 / 5 : apr (CESA-2011:0507) | Nessus | CentOS Local Security Checks | medium