FreeBSD : Apache APR -- DoS vulnerabilities (00b296b6-7db1-11e0-96b7-00300582f9fc)
Medium Nessus Plugin ID 53905
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionThe Apache Portable Runtime Project reports :
Note especially a security fix to APR 1.4.4, excessive CPU consumption was possible due to an unconstrained, recursive invocation of apr_fnmatch, as apr_fnmatch processed '*' wildcards. Reimplement apr_fnmatch() from scratch using a non-recursive algorithm now has improved compliance with the fnmatch() spec. (William Rowe)
SolutionUpdate the affected package.