Apache – CVE-2011-0419

Description

Kayran has detected that the version of Apache HTTP Server in use has a flaw in the apr_fnmatch() function of the bundled APR library.
CVE-2011-0419 is categorized as an ‘Allocation of Resources Without Limits or Throttling’ vulnerability (CWE-770).

The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

The Apache Portable Runtime (APR) library in use contains a stack consumption vulnerability in its fnmatch implementation in apr_fnmatch.c.
It allows context-dependent attackers to cause a Denial of Service (DoS) through CPU and memory consumption.

The result is degraded performance and interruptions in the availability of resources.

Recommendation

To fix CVE-2011-0419, upgrade the version of Apache HTTP Server being used to either 2.0.65 or 2.2.19.
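To check an inventory against the fixed releases named above, the following added example (not Kayran's or the Apache project's code) classifies version banners from `httpd -v` output or a `Server` response header. The function name, status labels and sample banners are assumptions made for illustration.

```python
import re

# Fixed releases per branch, taken from the recommendation above.
FIXED = {(2, 0): (2, 0, 65), (2, 2): (2, 2, 19)}

# Matches "Apache/2.2.17" in `httpd -v` output or a Server response header.
BANNER_RE = re.compile(r"Apache/(\d+)\.(\d+)\.(\d+)")


def classify(banner):
    """Return (status, version) for one banner line (hypothetical helper).

    status is one of:
      "below-fix"         - 2.0 or 2.2 branch, older than the fixed release
      "at-or-above-fix"   - 2.0 or 2.2 branch, at or past the fixed release
      "branch-not-listed" - a branch the advisory names no fixed release for
      "no-version"        - banner hides or lacks a full version number
    """
    m = BANNER_RE.search(banner)
    if not m:
        return "no-version", None
    version = tuple(int(p) for p in m.groups())
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "branch-not-listed", version
    # Tuple comparison is numeric per component, so 2.2.9 sorts before 2.2.19.
    return ("below-fix" if version < fixed else "at-or-above-fix"), version


# Constructed sample banners (not taken from any real host).
SAMPLES = [
    "Server version: Apache/2.2.17 (Unix)",
    "Server: Apache/2.2.9 (Debian)",
    "Server: Apache/2.2.19",
    "Server version: Apache/2.0.64",
    "Server: Apache/2.4.1 (Unix)",
    "Server: Apache",
]

if __name__ == "__main__":
    for line in SAMPLES:
        status, _ = classify(line)
        print(f"{status:18} {line}")
```

Distribution packages can backport a fix without changing the upstream version number, so a "below-fix" result from a banner should be confirmed against the package changelog before it is treated as a finding.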

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419

https://cwe.mitre.org/data/definitions/770.html
