Search for vulnerabilities
Vulnerability details: VCID-n263-ysqy-aaam
Vulnerability ID VCID-n263-ysqy-aaam
Aliases CVE-2011-1928
Summary The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
Status Published
Exploitability 0.5
Weighted Severity 3.9
Risk 1.9
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-399 Resource Management Errors
System Score Found at
rhas Low https://access.redhat.com/errata/RHSA-2011:0844
epss 0.03395 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.03395 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.03395 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.03395 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.03395 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.03395 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.03395 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.03395 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.03395 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.03395 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.03395 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.03395 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.05516 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.05516 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.05516 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.05516 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.14392 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
epss 0.17148 https://api.first.org/data/v1/epss?cve=CVE-2011-1928
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=706203
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2011-1928
Reference id Reference type URL
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627182
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
http://mail-archives.apache.org/mod_mbox/httpd-announce/201105.mbox/%3C4DD55092.3030403%40apache.org%3E
http://mail-archives.apache.org/mod_mbox/httpd-announce/201105.mbox/%3C4DD55092.3030403@apache.org%3E
http://mail-archives.apache.org/mod_mbox/www-announce/201105.mbox/%3c4DD55076.1060005%40apache.org%3e
http://mail-archives.apache.org/mod_mbox/www-announce/201105.mbox/%3c4DD55076.1060005@apache.org%3e
http://marc.info/?l=bugtraq&m=134987041210674&w=2
http://openwall.com/lists/oss-security/2011/05/19/10
http://openwall.com/lists/oss-security/2011/05/19/5
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1928.json
https://api.first.org/data/v1/epss?cve=CVE-2011-1928
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1928
http://secunia.com/advisories/44558
http://secunia.com/advisories/44613
http://secunia.com/advisories/44661
http://secunia.com/advisories/44780
http://secunia.com/advisories/48308
https://issues.apache.org/bugzilla/show_bug.cgi?id=51219
http://www.mandriva.com/security/advisories?name=MDVSA-2011:095
http://www.redhat.com/support/errata/RHSA-2011-0844.html
http://www.vupen.com/english/advisories/2011/1289
http://www.vupen.com/english/advisories/2011/1290
627182 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627182
706203 https://bugzilla.redhat.com/show_bug.cgi?id=706203
cpe:2.3:a:apache:apr-util:1.4.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.4.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*
CVE-2011-1928 https://nvd.nist.gov/vuln/detail/CVE-2011-1928
GLSA-201405-24 https://security.gentoo.org/glsa/201405-24
RHSA-2011:0844 https://access.redhat.com/errata/RHSA-2011:0844
USN-1134-1 https://usn.ubuntu.com/1134-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2011-1928
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.91650
EPSS Score 0.03395
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.