Apache – CVE-2011-0419

Description

Cytrix has detected that the version of Apache HTTP Server in use has a flaw in the apr_fnmatch() function of the bundled APR library.
CVE-2011-0419 is categorized as an ‘Allocation of Resources Without Limits or Throttling’ vulnerability (CWE-770).

The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that specific actor.

A stack consumption vulnerability was found in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library being used.
It allows context-dependent attackers to cause a Denial of Service (DoS) through CPU and memory consumption.

This degrades performance and interrupts the availability of resources.

Recommendation

To fix CVE-2011-0419, upgrade the version of Apache HTTP Server being used to either 2.0.65 or 2.2.19.
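
A version triage check based on the fixed releases named above, added here as an example and not part of Cytrix's own tooling. The function name, the status labels and the sample banners are assumptions constructed for illustration.

```python
import re

# Fixed releases named in the recommendation above, keyed by release branch.
FIXED = {(2, 0): (2, 0, 65), (2, 2): (2, 2, 19)}

# Matches "Apache/2.2.17" in a Server header or in `httpd -v` output.
_VERSION_RE = re.compile(r"Apache/(\d+)\.(\d+)\.(\d+)")


def fmt(version):
    return ".".join(str(part) for part in version)


def triage(banner):
    """Classify a version banner against the fixed releases for CVE-2011-0419.

    Returns (status, detail), where status is:
      "upgrade" - 2.0.x or 2.2.x older than the fixed release for its branch
      "fixed"   - at or above the fixed release for its branch
      "unknown" - no version in the banner, or a branch the advisory does not name
    """
    match = _VERSION_RE.search(banner)
    if not match:
        # A banner such as "Server: Apache" carries no version to compare.
        return "unknown", "no version in banner; check the package on the host"
    version = tuple(int(part) for part in match.groups())
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "unknown", "branch %d.%d is not named in this advisory" % version[:2]
    if version < fixed:
        return "upgrade", "%s -> %s" % (fmt(version), fmt(fixed))
    return "fixed", fmt(version)


# Constructed sample banners (not captured from real hosts).
SAMPLES = [
    "Server: Apache/2.2.17 (Unix)",
    "Server version: Apache/2.0.64 (Unix)",
    "Server: Apache/2.2.19 (Unix)",
    "Server: Apache",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print("%-40s %s" % (banner, triage(banner)))
```

Distribution packages can carry a backported fix under an older version string, so confirm an "upgrade" result against the vendor's changelog before treating the host as vulnerable.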

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419

https://cwe.mitre.org/data/definitions/770.html
