CVE-2011-4415

LOW

Description

The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

http://www.gossamer-threads.com/lists/apache/dev/403775

http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/

http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/DemoExploit.html

Details

Source: MITRE

Published: 2011-11-08

Updated: 2012-07-03

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 1.2

Vector: AV:L/AC:H/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 1.9

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.32:beta:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.34:beta:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.56:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.60:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.61:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.63:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.64:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:*

Tenable Plugins

View all (1 total)

IDNameProductFamilySeverity
59851HP System Management Homepage < 7.1.1 Multiple VulnerabilitiesNessusWeb Servers
critical