← back
CVE-2011-0419

CVE-2011-0419

EPSS 30.4%
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/35738unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22http://cxib.net/stuff/apache.fnmatch.phpshttp://cxib.net/stuff/apr_fnmatch.txtshttp://httpd.apache.org/security/vulnerabilities_22.htmlhttp://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.htmlhttp://marc.info/?l=bugtraq&m=131551295528105&w=2http://marc.info/?l=bugtraq&m=131731002122529&w=2http://marc.info/?l=bugtraq&m=132033751509019&w=2http://marc.info/?l=bugtraq&m=134987041210674&w=2https://bugzilla.redhat.com/show_bug.cgi?id=703390http://secunia.com/advisories/44490