Oval Definition:oval:org.mitre.oval:def:21940
Revision Date:2014-02-24Version:10
Title:RHSA-2011:0844: apr security update (Low)
Description:The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CESA-2011:0844
CVE-2011-1928
RHSA-2011:0844-01
Platform(s):CentOS Linux 5
CentOS Linux 6
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s):apr
Definition Synopsis
  • Operation system section
  • Redhat 5 or Centos 5 release
  • The operating system installed on the system is Red Hat Enterprise Linux 5
  • OR The operating system installed on the system is CentOS Linux 5.x
  • AND Packages section
  • apr-devel is earlier than 0:1.2.7-11.el5_6.5
  • OR apr-docs is earlier than 0:1.2.7-11.el5_6.5
  • OR apr is earlier than 0:1.2.7-11.el5_6.5
  • Operation system section
  • The operating system installed on the system is Red Hat Enterprise Linux 6
  • AND Packages section
  • apr-devel is earlier than 0:1.3.9-3.el6_1.2
  • OR apr is earlier than 0:1.3.9-3.el6_1.2
    • BACK