Check Point Advisories

Apache APR apr_fnmatch Stack Overflow Denial of Service

Check Point Reference: CPAI-2011-111
Date Published: 15 Jul 2011
Severity: High
Last Updated: Saturday 01 January, 2011
Source:
Industry Reference: CVE-2011-0419
Protection Provided by:
Who is Vulnerable? Apache Software Foundation apr 1.4.3 and prior
Apache Software Foundation httpd prior to 2.2.18
Vulnerability Description: A stack overflow vulnerability exists in Apache's APR library. The vulnerability is due to an error in the directory file listing function when it parses requests from a user.
Vulnerability Details: A stack overflow vulnerability exists in Apache's APR library. The vulnerability is due to an error in the directory file listing function when it parses requests from a user. The function accepts a pattern so that only matching files are listed. If the function is passed a sufficiently complicated pattern, it can exhaust all the space on the stack of the process handling the user request, leading to a stack overflow.
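The following added example (not code from APR or from this advisory) illustrates why a pattern matcher's stack use can depend on the pattern it is given, and how an iterative matcher avoids that. It is a simplified matcher supporting only `*` and `?`; the names `rec`, `glob_recursive`, `glob_iterative` and `max_depth` are hypothetical, and the sample inputs are constructed.

```c
#include <stdio.h>

static int max_depth; /* deepest recursion level seen by the last call */

/* Simplified recursive matcher ('*' and '?' only): one frame per '*'. */
static int rec(const char *p, const char *s, int depth)
{
    if (depth > max_depth) max_depth = depth;
    for (; *p; p++, s++) {
        if (*p == '*') {
            do { /* try every split point, recursing on the rest */
                if (rec(p + 1, s, depth + 1)) return 1;
            } while (*s++);
            return 0;
        }
        if (*s == '\0' || (*p != '?' && *p != *s)) return 0;
    }
    return *s == '\0';
}

static int glob_recursive(const char *p, const char *s)
{
    max_depth = 0;
    return rec(p, s, 1);
}

/* Iterative matcher: remembers only the last '*', so stack use is constant. */
static int glob_iterative(const char *p, const char *s)
{
    const char *star = NULL, *resume = NULL;
    while (*s) {
        if (*p == '*') { star = p++; resume = s; }
        else if (*p == '?' || *p == *s) { p++; s++; }
        else if (star) { p = star + 1; s = ++resume; }
        else return 0;
    }
    while (*p == '*') p++;
    return *p == '\0';
}

int main(void)
{
    /* Constructed sample input. */
    int r = glob_recursive("a*b*c", "aXbYc");
    printf("recursive=%d depth=%d iterative=%d\n", r, max_depth,
           glob_iterative("a*b*c", "aXbYc"));
    return 0;
}
```

In the recursive form the caller of the matcher, not the implementation, bounds the stack depth, which is why pattern input from a request needs either a constant-stack matcher or a limit applied before matching.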

Protection Overview
