CVE-2011-1928 – apr: DoS flaw in apr_fnmatch() due to fix for CVE-2011-0419
https://notcve.org/view.php?id=CVE-2011-1928
The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419. La implementación de fnmatch de apr_fnmatch.c de la librería Apache Portable Runtime (APR) 1.4.3 y 1.4.4, y el servidor Apache HTTP 2.2.18, permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de una URI que no encaja en tipos de patrones de comodines sin especificar. Como se ha demostrado en ataques contra mod_autoindex en httpd cuando un patrón de configuración /*/WEB-INF/ es utilizado. NOTA: esta vulnerabilidad existe debido a una solución incorrecta a CVE-2011-0419. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627182 http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html http://mail-archives.apache.org/mod_mbox/httpd-announce/201105.mbox/%3C4DD55092.3030403%40apache.org%3E http://mail-archives.apache.org/mod_mbox/www-announce/201105.mbox/%3c4DD55076.1060005%40apache.org%3e http://marc.info/?l=bugtraq&m=134987041210674&w=2 http://openwall.com/lists/oss-security/2011/05/19/10 http://openwall.com/lists/oss-security/2011 • CWE-399: Resource Management Errors •
CVE-2011-0419 – Apache 1.4/2.2.x - APR 'apr_fnmatch()' Denial of Service
https://notcve.org/view.php?id=CVE-2011-0419
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd. Vulnerabilidad de agotamiento de pila en la función fnmatch implementada en apr_fnmatch.c en la librería de Apache Portable Runtime (APR) anterior a v1.4.3 y en Apache HTTP Server anterior a v2.2.18, y en fnmatch.c en libc en NetBSD v5.1, OpenBSD v4.8, FreeBSD, Apple Mac OS X v10.6, Oracle Solaris 10, y Android permite a atacantes dependientes de contexto provocar una denegación de servicio (consumo de CPU y memoria) a través de secuencias "*?" en el primer argumento, como se demostró con los ataques contra mod_autoindex en httpd. • https://www.exploit-db.com/exploits/35738 http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22 http://cxib.net/stuff/apache.fnmatch.phps http://cxib.net/stuff/apr_fnmatch.txts http://httpd.apache.org/security/vulnerabilities_22.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html http://marc.info/?l=bugtraq&m=131551295528105&w=2 http://marc.info/ • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2011-1176
https://notcve.org/view.php?id=CVE-2011-1176
The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process. La fusión de configuración en itk.c en el Steinar H. Gunderson mpm-itk Multi-Processing Module v2.2.11-01 y v2.2.11-02 para el Servidor Apache HTTP, no maneja adecuadamente ciertas secciones de configuración que especifican NiceValue pero no AssignUserID, lo que podría permitir a atacantes remotos obtener privilegios mediante el aprovechamiento de la UID y GID de root de un proceso mpm-itk. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618857 http://lists.err.no/pipermail/mpm-itk/2011-March/000393.html http://lists.err.no/pipermail/mpm-itk/2011-March/000394.html http://openwall.com/lists/oss-security/2011/03/20/1 http://openwall.com/lists/oss-security/2011/03/21/13 http://www.debian.org/security/2011/dsa-2202 http://www.mandriva.com/security/advisories?name=MDVSA-2011:057 http://www.securityfocus.com/bid/46953 http://www.vupen.com/english& •
CVE-2010-1623 – apr-util: high memory consumption in apr_brigade_split_line()
https://notcve.org/view.php?id=CVE-2010-1623
Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket. Pérdida de memoria en la función apr_brigade_split_line en buckets/apr_brigade.c en la biblioteca Apache Portable Runtime Utility (también conocida como APR-util) en versiones anteriores a 1.3.10, como es usada en el módulo mod_reqtimeout en Apache HTTP Server y otro software, permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de vectores no especificados relacionados con la destrucción de un cubo APR. • http://blogs.sun.com/security/entry/cve_2010_1623_memory_leak http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049885.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049939.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html http://marc.info/?l=bugtraq&m=130168502603566&w=2 http://secunia.com/advisories/41701 http://secunia.com/advisories/42015 http://secunia.com/advisories/42361 http://secunia.com/advisories/4236 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-2791 – httpd: Reverse proxy sends wrong responses after time-outs
https://notcve.org/view.php?id=CVE-2010-2791
mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions. mod_proxy en httpd del servidor HTTP Apache v2.2.9, cuando se ejecuta en Unix, no cierra la conexión interna si se produce un fin de tiempo de espera al leer una respuesta de una conexión persistente, lo que permite a atacantes remotos obtener una respuesta potencialmente sensibles, destinada a un cliente diferente en circunstancias oportunistas a través de una petición HTTP normal. NOTA: este es el mismo problema que CVE-2010-2068, pero para un Sistema Operativo diferente y un conjunto de versiones afectadas. • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.openwall.com/lists/oss-security/2010/07/30/1 http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html http://www.redhat.com/support/errata/RHSA-2010-0659.html http://www.securityfocus.com/bid/42102 https://exchange.xforce.ibmcloud.com/vulnerabilities/60883 https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •