6 results (0.018 seconds)

CVSS: 4.3EPSS: 3%CPEs: 3EXPL: 0

The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419. La implementación de fnmatch de apr_fnmatch.c de la librería Apache Portable Runtime (APR) 1.4.3 y 1.4.4, y el servidor Apache HTTP 2.2.18, permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de una URI que no encaja en tipos de patrones de comodines sin especificar. Como se ha demostrado en ataques contra mod_autoindex en httpd cuando un patrón de configuración /*/WEB-INF/ es utilizado. NOTA: esta vulnerabilidad existe debido a una solución incorrecta a CVE-2011-0419. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627182 http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html http://mail-archives.apache.org/mod_mbox/httpd-announce/201105.mbox/%3C4DD55092.3030403%40apache.org%3E http://mail-archives.apache.org/mod_mbox/www-announce/201105.mbox/%3c4DD55076.1060005%40apache.org%3e http://marc.info/?l=bugtraq&m=134987041210674&w=2 http://openwall.com/lists/oss-security/2011/05/19/10 http://openwall.com/lists/oss-security/2011 • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 42%CPEs: 45EXPL: 0

Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket. Pérdida de memoria en la función apr_brigade_split_line en buckets/apr_brigade.c en la biblioteca Apache Portable Runtime Utility (también conocida como APR-util) en versiones anteriores a 1.3.10, como es usada en el módulo mod_reqtimeout en Apache HTTP Server y otro software, permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de vectores no especificados relacionados con la destrucción de un cubo APR. • http://blogs.sun.com/security/entry/cve_2010_1623_memory_leak http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049885.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049939.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html http://marc.info/?l=bugtraq&m=130168502603566&w=2 http://secunia.com/advisories/41701 http://secunia.com/advisories/42015 http://secunia.com/advisories/42361 http://secunia.com/advisories/4236 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 14%CPEs: 47EXPL: 3

Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information. Múltiples desbordamientos de entero en la biblioteca Apache Portable Runtime (APR) y en la biblioteca Apache Portable Utility (alias ARP-util) v0.9.x y v1.3.x permite a atacantes remotos provocar una denegación de servicio (cuelgue de aplicación) o posiblemente ejecutar código arbitrario a través de vectores que disparan las llamadas manipuladas a funciones (1) allocator_alloc o (2) apr_palloc en memory/unix/apr_pools.c en APR; o llamadas manipuladas a funciones (3) apr_rmm_malloc, (4) apr_rmm_calloc, o (5) apr_rmm_realloc en misc/apr_rmm.c en APR-util; desencadenando en desbordamientos de búfer. NOTA: algunos de estos detalles se obtienen a partir de información de terceros. • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://osvdb.org/56765 http://osvdb.org/56766 http://secunia.com/advisories/36138 http://secunia.com/advisories/36140 http://secunia.com/advisories/36166 http://secunia.com/advisories/36233 http://secunia.com/advisories/37152 http://secunia.com/advisories/37221& • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •

CVSS: 6.4EPSS: 38%CPEs: 6EXPL: 2

Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input. Error de superación de límite (off-by-one) en la función apr_brigade_vprintf de Apache APR-util anterior a v1.3.5 en plataformas big-endian, permite a atacantes remotos obtener información sensible o provocar una denegación de servicio (caída de la aplicación) a través de una entrada manipulada. • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://marc.info/?l=bugtraq&m=129190899612998&w=2 http://secunia.com/advisories/34724 http://secunia.com/advisories/35284 http://secunia.com/advisories/35395 http://secunia.com/advisories/35487 http://secunia.com/advisories/35565 http://secunia.com/advisories/35710 http://secunia.com/advisories/35797 http://secunia.com/advisories/35843 http://secunia.com/advisories/37221 http://security.gentoo.org/g • CWE-189: Numeric Errors •

CVSS: 7.5EPSS: 19%CPEs: 13EXPL: 1

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564. El parseador XML en el interfaz apr_xml_* en xml/apr_xml.c en Apache APR-util anteriores a v1.3.7 tal y como es utilizado en los módulos mod_dav y mod_dav_svn en el servidor HTTP de Apache, permite a atacantes remotos producir una denegación de servicio (agotamiento de memoria) a través de un documento XML manipulado que contiene un gran numero de referencias anidadas, como se demostró en la petición PROPFIND, una vulnerabilidad similar a CVE-2003-1564. • https://www.exploit-db.com/exploits/8842 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://marc.info/?l=apr-dev&m=124396021826125&w=2 http://marc.info/?l=bugtraq&m=129190899612998&w=2 http://secunia.com/advisories/34724 http://secunia.com/advisories/35284 http://secunia.com/advisories/35360 http://secunia.com/advisories/35395 http://secunia.com/advisories/35444 http: • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •