Description

The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.

Remediation

References

CVE-2011-1928

Related Vulnerabilities

WordPress Plugin Podlove Podcast Publisher SQL Injection (3.5.5)

WordPress Plugin AccessPress Social Icons Multiple Cross-Site Scripting Vulnerabilities (1.5.5)

Plone CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-33511)

PostgreSQL Other Vulnerability (CVE-2006-2313)

WordPress Other Vulnerability (CVE-2016-2222)

Severity

Medium

Classification

CVE-2011-1928

Tags

Missing Update Known Vulnerabilities