1 results (0.002 seconds)
CVSS: 7.5EPSS: 14%CPEs: 3EXPL: 0
CVSS: 7.5EPSS: 14%CPEs: 3EXPL: 0CVE-2011-1928 – apr: DoS flaw in apr_fnmatch() due to fix for CVE-2011-0419
https://notcve.org/view.php?id=CVE-2011-1928
24 May 2011 — The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419. La implementación de fnmatch de apr_fnmatch.c de la l... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627182 • CWE-399: Resource Management Errors •