VulnerableCode Vulnerability Details

System	Score	Found at
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00613	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00613	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00613	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00613	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00677	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00884	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00884	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00884	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00884	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00884	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
epss	0.00884	https://api.first.org/data/v1/epss?cve=CVE-2011-4415
cvssv2	1.2	https://nvd.nist.gov/vuln/detail/CVE-2011-4415

Data source	Exploit-DB
Date added	March 29, 2017
Description	Apache < 2.0.64 / < 2.2.21 mod_setenvif - Integer Overflow
Ransomware campaign use	Unknown
Source publication date	Nov. 2, 2011
Exploit type	dos
Platform	linux
Source update date	March 29, 2017
Source URL	http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/

Vector: AV:L/AC:H/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2011-4415

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vulnerability ID	VCID-7ux2-rxgt-aaam
Aliases	CVE-2011-4415
Summary	The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
Status	Published
Exploitability	2.0
Weighted Severity	1.1
Risk	2.2
Affected and Fixed Packages	Package Details

Percentile	0.05128
EPSS Score	0.00042
Published At	Nov. 1, 2024, midnight

Reference id	Reference type	URL
		http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4415.json
		https://api.first.org/data/v1/epss?cve=CVE-2011-4415
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4415
		http://www.gossamer-threads.com/lists/apache/dev/403775
		http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/DemoExploit.html
cpe:2.3:a:apache:http_server:2.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0:::::::*
cpe:2.3:a:apache:http_server:2.0.28:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.28:::::::*
cpe:2.3:a:apache:http_server:2.0.28:beta::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.28:beta::::::
cpe:2.3:a:apache:http_server:2.0.32:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.32:::::::*
cpe:2.3:a:apache:http_server:2.0.32:beta::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.32:beta::::::
cpe:2.3:a:apache:http_server:2.0.34:beta::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.34:beta::::::
cpe:2.3:a:apache:http_server:2.0.35:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.35:::::::*
cpe:2.3:a:apache:http_server:2.0.36:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.36:::::::*
cpe:2.3:a:apache:http_server:2.0.37:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.37:::::::*
cpe:2.3:a:apache:http_server:2.0.38:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.38:::::::*
cpe:2.3:a:apache:http_server:2.0.39:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.39:::::::*
cpe:2.3:a:apache:http_server:2.0.40:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.40:::::::*
cpe:2.3:a:apache:http_server:2.0.41:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.41:::::::*
cpe:2.3:a:apache:http_server:2.0.42:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.42:::::::*
cpe:2.3:a:apache:http_server:2.0.43:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.43:::::::*
cpe:2.3:a:apache:http_server:2.0.44:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.44:::::::*
cpe:2.3:a:apache:http_server:2.0.45:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.45:::::::*
cpe:2.3:a:apache:http_server:2.0.46:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.46:::::::*
cpe:2.3:a:apache:http_server:2.0.47:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.47:::::::*
cpe:2.3:a:apache:http_server:2.0.48:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.48:::::::*
cpe:2.3:a:apache:http_server:2.0.49:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.49:::::::*
cpe:2.3:a:apache:http_server:2.0.50:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.50:::::::*
cpe:2.3:a:apache:http_server:2.0.51:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.51:::::::*
cpe:2.3:a:apache:http_server:2.0.52:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.52:::::::*
cpe:2.3:a:apache:http_server:2.0.53:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.53:::::::*
cpe:2.3:a:apache:http_server:2.0.54:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.54:::::::*
cpe:2.3:a:apache:http_server:2.0.55:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.55:::::::*
cpe:2.3:a:apache:http_server:2.0.56:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.56:::::::*
cpe:2.3:a:apache:http_server:2.0.57:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.57:::::::*
cpe:2.3:a:apache:http_server:2.0.58:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.58:::::::*
cpe:2.3:a:apache:http_server:2.0.59:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.59:::::::*
cpe:2.3:a:apache:http_server:2.0.60:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.60:::::::*
cpe:2.3:a:apache:http_server:2.0.61:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.61:::::::*
cpe:2.3:a:apache:http_server:2.0.63:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.63:::::::*
cpe:2.3:a:apache:http_server:2.0.64:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.64:::::::*
cpe:2.3:a:apache:http_server:2.0.9:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.9:::::::*
cpe:2.3:a:apache:http_server:2.2.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.0:::::::*
cpe:2.3:a:apache:http_server:2.2.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.1:::::::*
cpe:2.3:a:apache:http_server:2.2.10:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.10:::::::*
cpe:2.3:a:apache:http_server:2.2.11:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.11:::::::*
cpe:2.3:a:apache:http_server:2.2.12:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.12:::::::*
cpe:2.3:a:apache:http_server:2.2.13:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.13:::::::*
cpe:2.3:a:apache:http_server:2.2.14:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.14:::::::*
cpe:2.3:a:apache:http_server:2.2.15:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.15:::::::*
cpe:2.3:a:apache:http_server:2.2.16:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.16:::::::*
cpe:2.3:a:apache:http_server:2.2.18:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.18:::::::*
cpe:2.3:a:apache:http_server:2.2.19:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.19:::::::*
cpe:2.3:a:apache:http_server:2.2.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.2:::::::*
cpe:2.3:a:apache:http_server:2.2.20:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.20:::::::*
cpe:2.3:a:apache:http_server:2.2.21:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.21:::::::*
cpe:2.3:a:apache:http_server:2.2.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.3:::::::*
cpe:2.3:a:apache:http_server:2.2.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.4:::::::*
cpe:2.3:a:apache:http_server:2.2.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.6:::::::*
cpe:2.3:a:apache:http_server:2.2.8:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.8:::::::*
cpe:2.3:a:apache:http_server:2.2.9:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.9:::::::*
CVE-2011-4415		https://nvd.nist.gov/vuln/detail/CVE-2011-4415
CVE-2011-4415;CVE-2011-3607	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/41769.txt
CVE-2011-4415;CVE-2011-3607	Exploit	http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/