CVE-2011-0419
Apache Portable Runtime < 1.4.3 - Resource Allocation Without Limits
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Maksymilian Arciemowicz · phpdoslinux
https://www.exploit-db.com/exploits/35738
Scores
EPSS: 0.4878
EPSS Percentile: 97.8%
Details
CWE: CWE-770
Status: published
Products (12)
apache/http_server: 2.0.0 - 2.0.65
apache/portable_runtime: < 1.4.3
apple/mac_os_x: 10.6.0
debian/debian_linux: 5.0
debian/debian_linux: 6.0
debian/debian_linux: 7.0
freebsd/freebsd
google/android
netbsd/netbsd: 5.1
openbsd/openbsd: 4.8
... and 2 more
Published: May 16, 2011
Tracked Since: Feb 18, 2026