CVE-2011-4415

Apache HTTP Server 2.0.x-2.0.64 and 2.2.x-2.2.21 - Denial of Service via mod_setenvif SetEnvIf Directive

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4415. PoCs published by halfdog.

AI-analyzed exploit summary The document describes an integer overflow vulnerability in Apache HTTP Server's mod_setenvif module, leading to buffer overflow and potential RCE or DoS. It outlines exploit techniques but does not include actual exploit code.

Description

The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.

Exploits (1)

exploitdb WRITEUP

by halfdog · textdoslinux

https://www.exploit-db.com/exploits/41769

View Code ZIP pw:eip

The document describes an integer overflow vulnerability in Apache HTTP Server's mod_setenvif module, leading to buffer overflow and potential RCE or DoS. It outlines exploit techniques but does not include actual exploit code.

Classification

Writeup 90%

Attack Type

Rce | Dos

Complexity

Complex

Reliability

Racy

Target: Apache HTTP Server 2.0.x to 2.0.64, 2.2.x to 2.2.21

No auth needed

Prerequisites: mod_setenvif enabled · ability to place crafted .htaccess file on server

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Various Sources x_refsource_confirm

http://www.gossamer-threads.com/lists/apache/dev/403775

Exploit, Patch x_refsource_misc

http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/

Vendor Advisory vendor-advisory x_refsource_hp

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

Exploit x_refsource_misc

http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/DemoExploit.html

Scores

EPSS 0.0328

EPSS Percentile 86.8%

Details

CWE

CWE-20

Status published

Products (48)

apache/http_server 2.0

apache/http_server 2.0.9

apache/http_server 2.0.28 (2 CPE variants)

apache/http_server 2.0.32 (2 CPE variants)

apache/http_server 2.0.34 beta

apache/http_server 2.0.35

apache/http_server 2.0.36

apache/http_server 2.0.37

apache/http_server 2.0.38

apache/http_server 2.0.39

... and 38 more

Published Nov 08, 2011

Tracked Since Feb 18, 2026