ID CVE-2011-1928
Summary The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
References
Vulnerable Configurations
  • Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 1.4.3
    cpe:2.3:a:apache:apr-util:1.4.3
  • Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 1.4.4
    cpe:2.3:a:apache:apr-util:1.4.4
  • Apache Software Foundation Apache HTTP Server 2.2.18
    cpe:2.3:a:apache:http_server:2.2.18
CVSS
Base: 4.3 (as of 25-05-2011 - 10:23)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2011-145-01.NASL
    description New apr and apr-util packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix a security issue in apr and a crash bug in apr-util.
    last seen 2019-02-21
    modified 2015-01-15
    plugin id 54648
    published 2011-05-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=54648
    title Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : apr/apr-util (SSA:2011-145-01)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1134-1.NASL
    description Maksymilian Arciemowicz reported that a flaw in the fnmatch() implementation in the Apache Portable Runtime (APR) library could allow an attacker to cause a denial of service. This can be demonstrated in a remote denial of service attack against mod_autoindex in the Apache web server. (CVE-2011-0419) Is was discovered that the fix for CVE-2011-0419 introduced a different flaw in the fnmatch() implementation that could also result in a denial of service. (CVE-2011-1928). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 55095
    published 2011-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55095
    title Ubuntu 6.06 LTS / 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : apache2, apr vulnerabilities (USN-1134-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2011-095.NASL
    description It was discovered that the fix for CVE-2011-0419 under certain conditions could cause a denial-of-service (DoS) attack in APR (CVE-2011-1928). Packages for 2010.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149 products_id=490 The updated packages have been patched to correct this issue. Update : Packages for Mandriva Linux 2010.0 were missing with the MDVSA-2011:095 advisory.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 54610
    published 2011-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=54610
    title Mandriva Linux Security Advisory : apr (MDVSA-2011:095-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201405-24.NASL
    description The remote host is affected by the vulnerability described in GLSA-201405-24 (Apache Portable Runtime, APR Utility Library: Denial of Service) Multiple vulnerabilities have been discovered in Apache Portable Runtime and APR Utility Library. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-13
    plugin id 74066
    published 2014-05-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74066
    title GLSA-201405-24 : Apache Portable Runtime, APR Utility Library: Denial of Service
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-7340.NASL
    description Move to 1.4.x branch. Various bug fixes since 1.4.2. Security: CVE-2011-0419 Reimplement apr_fnmatch() from scratch using a non-recursive algorithm; now has improved compliance with the fnmatch() spec. Note: 1.4.3 was never officially released. Fix CVE-2011-1928 introduced in 1.4.4. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 54958
    published 2011-06-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=54958
    title Fedora 13 : apr-1.4.5-1.fc13 (2011-7340)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20110531_APR_ON_SL4_X.NASL
    description The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. The fix for CVE-2011-0419 introduced an infinite loop flaw in the apr_fnmatch() function when the APR_FNM_PATHNAME matching flag was used. A remote attacker could possibly use this flaw to cause a denial of service on an application using the apr_fnmatch() function. (CVE-2011-1928) Note: This problem affected httpd configurations using the 'Location' directive with wildcard URLs. The denial of service could have been triggered during normal operation; it did not specifically require a malicious HTTP request. This update also addresses additional problems introduced by the rewrite of the apr_fnmatch() function, which was necessary to address the CVE-2011-0419 flaw. All apr users should upgrade to these updated packages, which contain a backported patch to correct this issue. Applications using the apr library, such as httpd, must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61052
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61052
    title Scientific Linux Security Update : apr on SL4.x, SL5.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2011-0844.NASL
    description Updated apr packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. The fix for CVE-2011-0419 (released via RHSA-2011:0507) introduced an infinite loop flaw in the apr_fnmatch() function when the APR_FNM_PATHNAME matching flag was used. A remote attacker could possibly use this flaw to cause a denial of service on an application using the apr_fnmatch() function. (CVE-2011-1928) Note: This problem affected httpd configurations using the 'Location' directive with wildcard URLs. The denial of service could have been triggered during normal operation; it did not specifically require a malicious HTTP request. This update also addresses additional problems introduced by the rewrite of the apr_fnmatch() function, which was necessary to address the CVE-2011-0419 flaw. All apr users should upgrade to these updated packages, which contain a backported patch to correct this issue. Applications using the apr library, such as httpd, must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 54938
    published 2011-06-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=54938
    title CentOS 4 / 5 : apr (CESA-2011:0844)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBAPR-UTIL1-110706.NASL
    description This update fixes the following security issues : - 650435: remote DoS in APR. (CVE-2010-1623) - 693778: unconstrained recursion when processing patterns (CVE-2011-0419 / CVE-2011-1928)
    last seen 2019-02-21
    modified 2015-01-15
    plugin id 55564
    published 2011-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55564
    title SuSE 11.1 Security Update : libapr (SAT Patch Number 4845)
  • NASL family Web Servers
    NASL id APACHE_2_2_19.NASL
    description According to its banner, the version of Apache 2.2.x running on the remote host is 2.2.18. It is, therefore, affected by a denial of service vulnerability due to an error in the fnmatch implementation in 'apr_fnmatch.c' in the bundled Apache Portable Runtime (APR) library. Successful exploitation of this vulnerability requires that 'mod_autoindex' be enabled. Note that the remote web server may not actually be affected by this vulnerability. Nessus did not try to determine whether the affected module is in use or to check for the issue itself.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 54646
    published 2011-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=54646
    title Apache 2.2.x < 2.2.18 APR apr_fnmatch DoS
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_APACHE2-110726.NASL
    description This update fixes : - CVE-2011-0419 and CVE-2011-1928: unconstrained recursion when processing patterns - CVE-2010-1623: a remote DoS (memory leak) in APR's reqtimeout_filter function
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75424
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75424
    title openSUSE Security Update : apache2 (openSUSE-SU-2011:0859-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBAPR-UTIL1-7611.NASL
    description This update fixes the following security issues : - 650435: remote DoS in APR. (CVE-2010-1623) - 693778: unconstrained recursion when processing patterns. (CVE-2011-0419 / CVE-2011-1928)
    last seen 2019-02-21
    modified 2015-01-15
    plugin id 55566
    published 2011-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55566
    title SuSE 10 Security Update : libapr (ZYPP Patch Number 7611)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBAPR1-7610.NASL
    description This update fixes the following security issue : - 693778: unconstrained recursion when processing patterns. (CVE-2011-0419 / CVE-2011-1928)
    last seen 2019-02-21
    modified 2015-01-15
    plugin id 57215
    published 2011-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57215
    title SuSE 10 Security Update : libapr1 (ZYPP Patch Number 7610)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-6750.NASL
    description Various bug fixes since 1.4.2. Security: CVE-2011-0419 Reimplement apr_fnmatch() from scratch using a non-recursive algorithm; now has improved compliance with the fnmatch() spec. Note: 1.4.3 was never officially released. Release -2 should fix top_builddir problem from -1. Fix CVE-2011-1928 introduced in 1.4.4. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 54944
    published 2011-06-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=54944
    title Fedora 15 : apr-1.4.5-1.fc15 (2011-6750)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-0844.NASL
    description Updated apr packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. The fix for CVE-2011-0419 (released via RHSA-2011:0507) introduced an infinite loop flaw in the apr_fnmatch() function when the APR_FNM_PATHNAME matching flag was used. A remote attacker could possibly use this flaw to cause a denial of service on an application using the apr_fnmatch() function. (CVE-2011-1928) Note: This problem affected httpd configurations using the 'Location' directive with wildcard URLs. The denial of service could have been triggered during normal operation; it did not specifically require a malicious HTTP request. This update also addresses additional problems introduced by the rewrite of the apr_fnmatch() function, which was necessary to address the CVE-2011-0419 flaw. All apr users should upgrade to these updated packages, which contain a backported patch to correct this issue. Applications using the apr library, such as httpd, must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 54932
    published 2011-06-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=54932
    title RHEL 4 / 5 / 6 : apr (RHSA-2011:0844)
  • NASL family Web Servers
    NASL id HPSMH_7_0_0_24.NASL
    description According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote host is earlier than 7.0. As such, it is reportedly affected by the following vulnerabilities : - An error exists in the 'generate-id' function in the bundled libxslt library that can allow disclosure of heap memory addresses. (CVE-2011-0195) - An unspecified input validation error exists and can allow cross-site request forgery attacks. (CVE-2011-3846) - Unspecified errors can allow attackers to carry out denial of service attacks via unspecified vectors. (CVE-2012-0135, CVE-2012-1993) - The bundled version of PHP contains multiple vulnerabilities. (CVE-2010-3436, CVE-2010-4409, CVE-2010-4645, CVE-2011-1148, CVE-2011-1153, CVE-2011-1464, CVE-2011-1467, CVE-2011-1468, CVE-2011-1470, CVE-2011-1471, CVE-2011-1938, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3189, CVE-2011-3267, CVE-2011-3268) - The bundled version of Apache contains multiple vulnerabilities. (CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-2791, CVE-2011-0419, CVE-2011-1928, CVE-2011-3192, CVE-2011-3348, CVE-2011-3368, CVE-2011-3639) - OpenSSL libraries are contained in several of the bundled components and contain multiple vulnerabilities. (CVE-2011-0014, CVE-2011-1468, CVE-2011-1945, CVE-2011-3207,CVE-2011-3210) - Curl libraries are contained in several of the bundled components and contain multiple vulnerabilities. (CVE-2009-0037, CVE-2010-0734, CVE-2011-2192)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 58811
    published 2012-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58811
    title HP System Management Homepage < 7.0 Multiple Vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20110531_APR_ON_SL6_X.NASL
    description The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. The fix for CVE-2011-0419 introduced an infinite loop flaw in the apr_fnmatch() function when the APR_FNM_PATHNAME matching flag was used. A remote attacker could possibly use this flaw to cause a denial of service on an application using the apr_fnmatch() function. (CVE-2011-1928) Note: This problem affected httpd configurations using the 'Location' directive with wildcard URLs. The denial of service could have been triggered during normal operation; it did not specifically require a malicious HTTP request. This update also addresses additional problems introduced by the rewrite of the apr_fnmatch() function, which was necessary to address the CVE-2011-0419 flaw. All apr users should upgrade to these updated packages, which contain a backported patch to correct this issue. Applications using the apr library, such as httpd, must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61053
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61053
    title Scientific Linux Security Update : apr on SL6.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-6918.NASL
    description Move to 1.4.x branch. Various bug fixes since 1.4.2. Security: CVE-2011-0419 Reimplement apr_fnmatch() from scratch using a non-recursive algorithm; now has improved compliance with the fnmatch() spec. Note: 1.4.3 was never officially released. Fix CVE-2011-1928 introduced in 1.4.4. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 54957
    published 2011-06-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=54957
    title Fedora 14 : apr-1.4.5-1.fc14 (2011-6918)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_99A5590C857E11E096B700300582F9FC.NASL
    description The Apache Portable Runtime Project reports : A flaw was discovered in the apr_fnmatch() function in the Apache Portable Runtime (APR) library 1.4.4 (or any backported versions that contained the upstream fix for CVE-2011-0419). This could cause httpd workers to enter a hung state (100% CPU utilization). apr-util 1.3.11 could cause crashes with httpd's mod_authnz_ldap in some situations.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 54623
    published 2011-05-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=54623
    title FreeBSD : Apache APR -- DoS vulnerabilities (99a5590c-857e-11e0-96b7-00300582f9fc)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2011-0844.NASL
    description From Red Hat Security Advisory 2011:0844 : Updated apr packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. The fix for CVE-2011-0419 (released via RHSA-2011:0507) introduced an infinite loop flaw in the apr_fnmatch() function when the APR_FNM_PATHNAME matching flag was used. A remote attacker could possibly use this flaw to cause a denial of service on an application using the apr_fnmatch() function. (CVE-2011-1928) Note: This problem affected httpd configurations using the 'Location' directive with wildcard URLs. The denial of service could have been triggered during normal operation; it did not specifically require a malicious HTTP request. This update also addresses additional problems introduced by the rewrite of the apr_fnmatch() function, which was necessary to address the CVE-2011-0419 flaw. All apr users should upgrade to these updated packages, which contain a backported patch to correct this issue. Applications using the apr library, such as httpd, must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68284
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68284
    title Oracle Linux 4 / 5 / 6 : apr (ELSA-2011-0844)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBAPR-UTIL1-110701.NASL
    description This update fixes the following security issues : - 650435: remote DoS in APR. (CVE-2010-1623) - 693778: unconstrained recursion when processing patterns (CVE-2011-0419 / CVE-2011-1928)
    last seen 2019-02-21
    modified 2015-01-15
    plugin id 55563
    published 2011-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55563
    title SuSE 11.1 Security Update : libapr (SAT Patch Number 4845)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_4_APACHE2-110726.NASL
    description This update fixes : - CVE-2011-0419 and CVE-2011-1928: unconstrained recursion when processing patterns - CVE-2010-1623: a remote DoS (memory leak) in APR's reqtimeout_filter function
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75785
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75785
    title openSUSE Security Update : apache2 (openSUSE-SU-2011:0859-1)
redhat via4
advisories
bugzilla
id 706203
title CVE-2011-1928 apr: DoS flaw in apr_fnmatch() due to fix for CVE-2011-0419
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • OR
      • AND
        • comment apr is earlier than 0:0.9.4-26.el4
          oval oval:com.redhat.rhsa:tst:20110844002
        • comment apr is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20091204003
      • AND
        • comment apr-devel is earlier than 0:0.9.4-26.el4
          oval oval:com.redhat.rhsa:tst:20110844004
        • comment apr-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20091204005
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment apr is earlier than 0:1.2.7-11.el5_6.5
          oval oval:com.redhat.rhsa:tst:20110844007
        • comment apr is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091204012
      • AND
        • comment apr-devel is earlier than 0:1.2.7-11.el5_6.5
          oval oval:com.redhat.rhsa:tst:20110844009
        • comment apr-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091204014
      • AND
        • comment apr-docs is earlier than 0:1.2.7-11.el5_6.5
          oval oval:com.redhat.rhsa:tst:20110844011
        • comment apr-docs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091204016
  • AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment apr is earlier than 0:1.3.9-3.el6_1.2
          oval oval:com.redhat.rhsa:tst:20110844017
        • comment apr is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110507018
      • AND
        • comment apr-devel is earlier than 0:1.3.9-3.el6_1.2
          oval oval:com.redhat.rhsa:tst:20110844019
        • comment apr-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110507020
rhsa
id RHSA-2011:0844
released 2011-05-31
severity Low
title RHSA-2011:0844: apr security update (Low)
rpms
  • apr-0:0.9.4-26.el4
  • apr-devel-0:0.9.4-26.el4
  • apr-0:1.2.7-11.el5_6.5
  • apr-devel-0:1.2.7-11.el5_6.5
  • apr-docs-0:1.2.7-11.el5_6.5
  • apr-0:1.3.9-3.el6_1.2
  • apr-devel-0:1.3.9-3.el6_1.2
refmap via4
confirm
hp
  • HPSBOV02822
  • SSRT100966
mandriva MDVSA-2011:095
mlist
  • [httpd-announce] 20110519 Regressions in httpd 2.2.18, apr 1.4.4, and apr-util 1.3.11
  • [oss-security] 20110519 CVE request: DoS in apr due to CVE-2011-0419 fix
  • [oss-security] 20110519 Re: CVE request: DoS in apr due to CVE-2011-0419 fix
  • [www-announce] 20110519 Regressions in httpd 2.2.18, apr 1.4.4, and apr-util 1.3.11
secunia
  • 44558
  • 44613
  • 44661
  • 44780
  • 48308
suse SUSE-SU-2011:1229
vupen
  • ADV-2011-1289
  • ADV-2011-1290
Last major update 29-10-2012 - 23:53
Published 24-05-2011 - 19:55
Last modified 05-01-2018 - 21:29
Back to Top