Vulnerabilities affecting this package (0)
| Vulnerability |
Summary |
Fixed by |
|
This package is not known to be affected by vulnerabilities.
|
Vulnerabilities fixed by this package (4)
| Vulnerability |
Summary |
Aliases |
|
VCID-29bh-jatc-73ad
|
Memory consumption errors in Apache Portable Runtime and APR
Utility Library could result in Denial of Service.
|
CVE-2012-0840
|
|
VCID-3cea-3rkm-r7gs
|
A flaw was found in the apr_fnmatch() function of the bundled APR library. Where mod_autoindex is enabled, and a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could be used in a denial of service attack.
Workaround: Setting the 'IgnoreClient' option to the 'IndexOptions' directive disables processing of the client-supplied request query arguments, preventing this attack.
Resolution: Update APR to release 1.4.5 (bundled with httpd 2.2.19) or release 0.9.20 (bundled with httpd 2.0.65)
|
CVE-2011-0419
|
|
VCID-qebd-7szr-y7cx
|
Memory consumption errors in Apache Portable Runtime and APR
Utility Library could result in Denial of Service.
|
CVE-2011-1928
|
|
VCID-y8nd-7h3r-7fh5
|
A flaw was found in the apr_brigade_split_line() function of the bundled APR-util library, used to process non-SSL requests. A remote attacker could send requests, carefully crafting the timing of individual bytes, which would slowly consume memory, potentially leading to a denial of service.
|
CVE-2010-1623
|