CVE-2011-1928

medium

Apache

CVSS v3 Base Score

4.3

AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS Score

14.4%

Exploitation probability in 30 days

Top 6% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Confidentiality

None

Integrity

None

Availability

Published: May 24, 2011 (5469 days ago)

Last Modified: April 29, 2026

Vendor: Apache

Source: NVD

Description

The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.

CWE

CWE-399

Affected Products

apache apr-utilapache http server

References

🔗 bugs.debian.org 🔗 lists.opensuse.org 🔗 mail-archives.apache.org 🔗 mail-archives.apache.org 🔗 marc.info

CVE-2011-1928

Vulnerability Report

Description

CWE

Affected Products

References