Apache – CVE-2011-0419

Description

Kayran has detected that the version of Apache HTTP Server in use has a flaw in the apr_fnmatch() function of the bundled APR library.
CVE-2011-0419 is categorized as an ‘Allocation of Resources Without Limits or Throttling’ vulnerability (CWE-770).

The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that specific actor.

A stack consumption vulnerability was found in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library in use.
It allows context-dependent attackers to cause a Denial of Service (DoS) through CPU and memory consumption.

The result is decreased performance and interruptions in the availability of resources.

Recommendation

To fix CVE-2011-0419, upgrade the version of Apache HTTP Server being used to either 2.0.65 or 2.2.19.
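
To check an inventory against that recommendation, here is an added example (not Kayran's or the Apache project's code) that compares version strings, as printed by `httpd -v` or sent in the `Server` header, with the two fixed releases named above. The hostnames and banners are constructed, and the function names and status labels are chosen for this example.

```python
import re

# Fixed releases per branch, from the Recommendation on this page.
FIXED = {(2, 0): (2, 0, 65), (2, 2): (2, 2, 19)}
VERSION_RE = re.compile(r"\bApache/(\d+)\.(\d+)\.(\d+)")


def classify(banner):
    """Classify one version string against the fixed releases."""
    m = VERSION_RE.search(banner)
    if m is None:
        return "no-version"          # e.g. ServerTokens Prod sends just "Apache"
    version = tuple(int(part) for part in m.groups())
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "branch-not-listed"   # this page names no fix for that branch
    # Tuple comparison is numeric, so 2.2.9 < 2.2.19 (a string compare gets this wrong).
    return "below-fix" if version < fixed else "at-or-above-fix"


def triage(inventory):
    """Return {host: status} for hosts that need a follow-up."""
    results = {host: classify(banner) for host, banner in inventory.items()}
    return {h: s for h, s in results.items() if s != "at-or-above-fix"}


# Constructed sample inventory (hostnames and banners are made up).
SAMPLE = {
    "web1.example.test": "Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17",
    "web2.example.test": "Server version: Apache/2.2.19 (Unix)",
    "web3.example.test": "Server: Apache/2.0.64",
    "web4.example.test": "Server: Apache/2.2.9 (Debian)",
    "web5.example.test": "Server: Apache",
    "web6.example.test": "Server: Apache/2.4.57 (Unix)",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```

Distribution packages that backport the fix keep their older version string, so a "below-fix" result should be confirmed against the vendor's package changelog before it is treated as an open finding.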

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419

https://cwe.mitre.org/data/definitions/770.html
