Release date:
Updated on:
Affected Systems:
Apache Group Apache Software Foundation 2.2.18
Apache Group APR 1.4.4
Unaffected system:
Apache Group Apache Software Foundation 2.2.19
Apache Group APR 1.4.5
Description:
--------------------------------------------------------------------------------
Bugtraq id: 47929
Cve id: CVE-2011-1928
APR (Apache Portable Runtime Library) provides an underlying support interface library for upper-layer applications that can be used across multiple operating systems platforms.
Apache APR "apr_fnmatch.c" has a denial of service vulnerability. Remote attackers can exploit this vulnerability to occupy a large amount of CPU resources, resulting in DOS.
<* Source: Apache Software Foundation
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Apache Group
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://httpd.apache.org/