HTTP: Apache APR apr_fnmatch Stack Overflow Denial of Service
This signature detects attempts to exploit a known vulnerability against the Apache HTTP service.Its due to improper implementation of fnmatch, in the apr_fnmatch.c component. A remote attacker can exploit this vulnerability on target systems which host applications utilizing the affected APR. A successful attack would cause a denial of service condition on the target server.
Extended Description
Apache APR is prone to a vulnerability that may allow attackers to cause a denial-of-service condition. Apache APR versions prior to 1.4.4 are vulnerable.
Affected Products
Xerox freeflow_print_server_(ffps),Avaya call_management_system
Short Name
HTTP:APACHE:APR-DOS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
APR Apache CVE-2011-0419 Denial Overflow Service Stack apr_fnmatch bid:47820 of
Release Date
06/22/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
Vendors
Apache_software_foundation
Red_hat
Ibm
Sun
Hp
Avaya
Xerox
Fujitsu
Slackware
Ubuntu
Mandriva
Netbsd
Debian
Apple
CVSS Score
4.3