ID

VAR-201105-0094


CVE

CVE-2011-1928


TITLE

Denial-of-service (infinite loop) vulnerability in the fnmatch implementation of the APR library and Apache HTTP Server

Trust: 0.8

sources: JVNDB: JVNDB-2011-001668

DESCRIPTION

The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.

This vulnerability results from an incomplete fix for CVE-2011-0419. A third party may cause a denial of service (infinite loop) via a URI that does not match the wildcard pattern type.

Apache APR is prone to a denial-of-service vulnerability. Successful exploits may allow the attacker to cause excessive CPU usage, resulting in denial-of-service conditions. Apache APR 1.4.4 is affected.

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03280632
Version: 1

HPSBMU02764 SSRT100827 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS), Execution of Arbitrary Code, Other Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2012-04-16
Last Updated: 2012-04-16

Potential Security Impact: Remote cross site request forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, other vulnerabilities

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely and locally resulting in cross site request forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, and other vulnerabilities.
References: CVE-2009-0037, CVE-2010-0734, CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-2791, CVE-2010-3436, CVE-2010-4409, CVE-2010-4645, CVE-2011-0014, CVE-2011-0195, CVE-2011-0419, CVE-2011-1148, CVE-2011-1153, CVE-2011-1464, CVE-2011-1467, CVE-2011-1468, CVE-2011-1470, CVE-2011-1471, CVE-2011-1928, CVE-2011-1938, CVE-2011-1945, CVE-2011-2192, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3189, CVE-2011-3192, CVE-2011-3267, CVE-2011-3268, CVE-2011-3207, CVE-2011-3210, CVE-2011-3348, CVE-2011-3368, CVE-2011-3639, CVE-2011-3846, SSRT100376, CVE-2011-4317, CVE-2012-0135, SSRT100609, CVE-2012-1993, SSRT10043

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP System Management Homepage (SMH) before v7.0 running on Linux and Windows.

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
Reference       Base Vector                    Base Score
CVE-2009-0037   (AV:N/AC:M/Au:N/C:P/I:P/A:P)   6.8
CVE-2010-0734   (AV:N/AC:M/Au:N/C:P/I:P/A:P)   6.8
CVE-2010-1452   (AV:N/AC:L/Au:N/C:N/I:N/A:P)   5.0
CVE-2010-1623   (AV:N/AC:L/Au:N/C:N/I:N/A:P)   5.0
CVE-2010-2068   (AV:N/AC:L/Au:N/C:P/I:N/A:N)   5.0
CVE-2010-2791   (AV:N/AC:L/Au:N/C:P/I:N/A:N)   5.0
CVE-2010-3436   (AV:N/AC:L/Au:N/C:N/I:P/A:N)   5.0
CVE-2010-4409   (AV:N/AC:L/Au:N/C:N/I:N/A:P)   5.0
CVE-2010-4645   (AV:N/AC:L/Au:N/C:N/I:N/A:P)   5.0
CVE-2011-0014   (AV:N/AC:L/Au:N/C:N/I:N/A:P)   5.0
CVE-2011-0195   (AV:N/AC:M/Au:N/C:P/I:N/A:N)   4.3
CVE-2011-0419   (AV:N/AC:M/Au:N/C:N/I:N/A:P)   4.3
CVE-2011-1148   (AV:N/AC:L/Au:N/C:P/I:P/A:P)   7.5
CVE-2011-1153   (AV:N/AC:L/Au:N/C:P/I:P/A:P)   7.5
CVE-2011-1464   (AV:N/AC:M/Au:N/C:N/I:N/A:P)   4.3
CVE-2011-1467   (AV:N/AC:L/Au:N/C:N/I:N/A:P)   5.0
CVE-2011-1468   (AV:N/AC:M/Au:N/C:N/I:N/A:P)   4.3
CVE-2011-1470   (AV:N/AC:M/Au:N/C:N/I:N/A:P)   4.3
CVE-2011-1471   (AV:N/AC:M/Au:N/C:N/I:N/A:P)   4.3
CVE-2011-1928   (AV:N/AC:M/Au:N/C:N/I:N/A:P)   4.3
CVE-2011-1938   (AV:N/AC:L/Au:N/C:P/I:P/A:P)   7.5
CVE-2011-1945   (AV:N/AC:H/Au:N/C:P/I:N/A:N)   2.6
CVE-2011-2192   (AV:N/AC:M/Au:N/C:P/I:N/A:N)   4.3
CVE-2011-2202   (AV:N/AC:L/Au:N/C:N/I:P/A:P)   6.4
CVE-2011-2483   (AV:N/AC:L/Au:N/C:P/I:N/A:N)   5.0
CVE-2011-3182   (AV:N/AC:L/Au:N/C:N/I:N/A:P)   5.0
CVE-2011-3189   (AV:N/AC:M/Au:N/C:P/I:N/A:N)   4.3
CVE-2011-3192   (AV:N/AC:L/Au:N/C:N/I:N/A:C)   7.8
CVE-2011-3267   (AV:N/AC:L/Au:N/C:N/I:N/A:P)   5.0
CVE-2011-3268   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2011-3207   (AV:N/AC:L/Au:N/C:N/I:P/A:N)   5.0
CVE-2011-3210   (AV:N/AC:L/Au:N/C:N/I:N/A:P)   5.0
CVE-2011-3348   (AV:N/AC:M/Au:N/C:N/I:N/A:P)   4.3
CVE-2011-3368   (AV:N/AC:L/Au:N/C:P/I:N/A:N)   5.0
CVE-2011-3639   (AV:N/AC:M/Au:N/C:N/I:P/A:N)   4.3
CVE-2011-3846   (AV:N/AC:M/Au:N/C:P/I:P/A:P)   6.8
CVE-2011-4317   (AV:N/AC:M/Au:N/C:N/I:P/A:N)   4.3
CVE-2012-0135   (AV:N/AC:M/Au:S/C:N/I:N/A:P)   3.5
CVE-2012-1993   (AV:L/AC:L/Au:S/C:P/I:P/A:N)   3.2
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

The Hewlett-Packard Company thanks Sow Ching Shiong coordinating with Secunia for reporting CVE-2011-3846 to security-alert@hp.com.

RESOLUTION
HP has provided HP System Management Homepage v7.0 or subsequent to resolve the vulnerabilities. SMH v7.0 is available here: http://h18000.www1.hp.com/products/servers/management/agents/index.html

HISTORY
Version:1 (rev.1) 16 April 2012 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Background
==========

The Apache Portable Runtime (aka APR) provides a set of APIs for creating platform-independent applications. The Apache Portable Runtime Utility Library (aka APR-Util) provides an interface to functionality such as XML parsing, string matching and database connections.

Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could cause a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Apache Portable Runtime users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/apr-1.4.8-r1"

All users of the APR Utility Library should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/apr-util-1.3.10"

Packages which depend on these libraries may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.

References
==========

[ 1 ] CVE-2010-1623
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1623
[ 2 ] CVE-2011-0419
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0419
[ 3 ] CVE-2011-1928
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1928
[ 4 ] CVE-2012-0840
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0840

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201405-24.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
=======

Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

This update fixes this problem (CVE-2011-1928).

For reference, the description of the original DSA, which fixed CVE-2011-0419:

A flaw was found in the APR library, which could be exploited through Apache HTTPD's mod_autoindex. If a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage.

For the oldstable distribution (lenny), this problem has been fixed in version 1.2.12-5+lenny4.

For the stable distribution (squeeze), this problem has been fixed in version 1.4.2-6+squeeze2.

For the testing distribution (wheezy), this problem will be fixed in version 1.4.5-1.

For the unstable distribution (sid), this problem will be fixed in version 1.4.5-1.

We recommend that you upgrade your apr packages and restart the apache2 server.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

HP Secure Web Server (SWS) for OpenVMS V2.2 and earlier.

Packages for 2010.0 are provided as of the Extended Maintenance Program.
Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

Update: Packages for Mandriva Linux 2010.0 were missing with the MDVSA-2011:095 advisory.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1928
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2010.0:
a77fb6f726a2997fc98cd429dd287c76 2010.0/i586/libapr1-1.3.9-1.2mdv2010.0.i586.rpm
2cb83dae47a2044539133deed81a48b0 2010.0/i586/libapr-devel-1.3.9-1.2mdv2010.0.i586.rpm
a5edcd45a4ad1e4ff2aff2b9b9ce709e 2010.0/SRPMS/apr-1.3.9-1.2mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
1bc50f60858c9773b546304bff84787a 2010.0/x86_64/lib64apr1-1.3.9-1.2mdv2010.0.x86_64.rpm
7ec09ad50ab59cbbd77f402797df67bc 2010.0/x86_64/lib64apr-devel-1.3.9-1.2mdv2010.0.x86_64.rpm
a5edcd45a4ad1e4ff2aff2b9b9ce709e 2010.0/SRPMS/apr-1.3.9-1.2mdv2010.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security

Trust: 2.43

sources: NVD: CVE-2011-1928 // JVNDB: JVNDB-2011-001668 // BID: 47929 // PACKETSTORM: 111915 // PACKETSTORM: 126689 // PACKETSTORM: 101599 // PACKETSTORM: 112043 // PACKETSTORM: 117251 // PACKETSTORM: 101611

AFFECTED PRODUCTS

vendor:apachemodel:apr-utilscope:eqversion:1.4.4

Trust: 1.9

vendor:apachemodel:apr-utilscope:eqversion:1.4.3

Trust: 1.6

vendor:apachemodel:http serverscope:eqversion:2.2.18

Trust: 1.6

vendor:apachemodel:http serverscope:ltversion:2.2.19

Trust: 0.8

vendor:apachemodel:portable runtimescope:ltversion:1.4.5

Trust: 0.8

vendor:oraclemodel:solarisscope:eqversion:10

Trust: 0.8

vendor:oraclemodel:solarisscope:eqversion:11 express

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3 (x86)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3 (x86-64)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3.0

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3.0 (x86-64)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:4.0

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:4.0 (x86-64)

Trust: 0.8

vendor:hewlett packardmodel:hp secure web server for openvmsscope:lteversion:v2.2

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (ws)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4.8 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4.8 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:5 (server)

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:4.0

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:5.0 (client)

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:enterprise linux eusscope:eqversion:5.6.z (server)

Trust: 0.8

vendor:red hatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.8

vendor:red hatmodel:enterprise linux long lifescope:eqversion:(v. 5.6 server)

Trust: 0.8

vendor:red hatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:enterprise linux server eusscope:eqversion:6.1.z

Trust: 0.8

vendor:red hatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:rhel desktop workstationscope:eqversion:5 (client)

Trust: 0.8

vendor:fujitsumodel:interstage job workload serverscope:eqversion:8.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.2

Trust: 0.3

vendor:debianmodel:linux armelscope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:8.0

Trust: 0.3

vendor:fujitsumodel:interstage studio enterprise editionscope:eqversion:8.0.1

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.0

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:1.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:5.0.1

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc node optionalscope:eqversion:6

Trust: 0.3

vendor:fujitsumodel:interstage application server web-j edition l10bscope:eqversion:5.0

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux hppascope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage application server plus l11scope:eqversion:6.0

Trust: 0.3

vendor:fujitsumodel:interstage application server plusscope:eqversion:7.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l11scope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage application server plus l10scope:eqversion:6.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.0

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.0

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:fujitsumodel:interstage application server plusscope:eqversion:7.0.1

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1

Trust: 0.3

vendor:fujitsumodel:interstage application server plus developerscope:eqversion:7.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:fujitsumodel:interstage application server standard editionscope:eqversion:5.0.1

Trust: 0.3

vendor:mandrakesoftmodel:corporate server x86 64scope:eqversion:4.0

Trust: 0.3

vendor:fujitsumodel:interstage studio standard-j editionscope:eqversion:9.2

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.1

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:6.06

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.1.0-103

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:9.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.0.0.95

Trust: 0.3

vendor:mandrakesoftmodel:enterprise serverscope:eqversion:5

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.0.1.73

Trust: 0.3

vendor:fujitsumodel:interstage studio standard-j editionscope:eqversion:9.0

Trust: 0.3

vendor:avayamodel:voice portal sp2scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.3

Trust: 0.3

vendor:fujitsumodel:interstage studio enterprise editionscope:eqversion:9.2

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition 6.0ascope: - version: -

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:4

Trust: 0.3

vendor:fujitsumodel:interstage apworks modelers-j edition l10scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.0

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop versionscope:eqversion:4

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.2

Trust: 0.3

vendor:fujitsumodel:interstage studio enterprise editionscope:eqversion:9.0

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:8.04

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.0.0-95

Trust: 0.3

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:fujitsumodel:interstage application server plus developer l10scope:eqversion:7.0

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.10

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0.3

Trust: 0.3

vendor:fujitsumodel:interstage business application server standard editionscope:eqversion:8.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:neversion:7.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0.2

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.0.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l10scope:eqversion:7.0

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:8.04

Trust: 0.3

vendor:fujitsumodel:interstage application server standard editionscope:eqversion:8.0

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop clientscope:eqversion:5

Trust: 0.3

vendor:fujitsumodel:interstage application server plusscope:eqversion:5.0.1

Trust: 0.3

vendor:fujitsumodel:interstage application server web-j edition l10scope:eqversion:5.0

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.04

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j edition bscope:eqversion:9.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:11.0

Trust: 0.3

vendor:apachemodel:aprscope:neversion:1.4.5

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:5.0

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:6.06

Trust: 0.3

vendor:fujitsumodel:interstage application server standard editionscope:eqversion:8.0.3

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.37

Trust: 0.3

vendor:fujitsumodel:interstage application server plus developerscope:eqversion:5.0.1

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:1.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l20scope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage application server web-j edition l20scope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage application server plus l10ascope:eqversion:6.0

Trust: 0.3

vendor:sunmodel:solaris expressscope:eqversion:10

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage apworks modelers-j edition 6.0ascope: - version: -

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.0.0-68

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.04

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:8.0.3

Trust: 0.3

vendor:fujitsumodel:interstage application server web-j editionscope:eqversion:5.0.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l20ascope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:8.0.2

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:9.0.1

Trust: 0.3

vendor:sunmodel:solaris expressscope:eqversion:11

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2.2

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.04

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2010.0

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.2.2

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:8.04

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.0.2-77

Trust: 0.3

vendor:fujitsumodel:interstage application server standard edition l10scope:eqversion:5.0

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:6.06

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.2.8

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.10

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:8.04

Trust: 0.3

vendor:fujitsumodel:interstage application server web-j edition l10ascope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.2

Trust: 0.3

vendor:fujitsumodel:interstage application server standard editionscope:eqversion:5.0

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2009.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.1

Trust: 0.3

vendor:avayamodel:aura sip enablement services ssp3scope:neversion:5.2.1

Trust: 0.3

vendor:avayamodel:aura communication managerscope:neversion:6.2

Trust: 0.3

vendor:slackwaremodel:linux -currentscope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:11.04

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l10bscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:messaging storage server sp2scope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:messaging storage server sp1scope:eqversion:5.1

Trust: 0.3

vendor:avayamodel:aura system platform sp3scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2.1

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.1

Trust: 0.3

vendor:avayamodel:aura system platform sp2scope:eqversion:6.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.0.2.77

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1

Trust: 0.3

vendor:fujitsumodel:interstage application server plus l10cscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.2

Trust: 0.3

vendor:fujitsumodel:interstage application server standard edition l20scope:eqversion:5.0

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.10

Trust: 0.3

vendor:apachemodel:aprscope:eqversion:1.4.4

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j edition 9.1.0bscope: - version: -

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.1

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j edition bscope:eqversion:9.0.1

Trust: 0.3

vendor:debianmodel:linuxscope:eqversion:5.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.37

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.0.1-73

Trust: 0.3

vendor:apachemodel:apachescope:neversion:2.2.19

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:5.1

Trust: 0.3

vendor:fujitsumodel:interstage application server plus developer l10scope:eqversion:6.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.0

Trust: 0.3

vendor:xeroxmodel:freeflow print server 73.b3.61scope: - version: -

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.2.27

Trust: 0.3

vendor:fujitsumodel:interstage application server standard edition l10bscope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage apworks modelers-j editionscope:eqversion:7.0

Trust: 0.3

vendor:fujitsumodel:interstage application server plus l10scope:eqversion:7.0

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.10

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:9.1

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:6.06

Trust: 0.3

vendor:mandrakesoftmodel:corporate serverscope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:6.1

Trust: 0.3

vendor:fujitsumodel:interstage application server standard edition l20ascope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:5.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.1

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:10.04

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop optionalscope:eqversion:6

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.0

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2010.1

Trust: 0.3

vendor:sunmodel:solaris 10 sparcscope: - version: -

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.0.96

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:3.1

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:7.0

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.04

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l11scope:eqversion:7.0

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l10bscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:interactive responsescope:eqversion:4.0

Trust: 0.3

vendor:fujitsumodel:interstage application server plusscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.0.1

Trust: 0.3

vendor:fujitsumodel:interstage application server web-j editionscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.2

Trust: 0.3

vendor:debianmodel:linux alphascope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage apworks modelers-j edition l10scope:eqversion:7.0

Trust: 0.3

vendor:fujitsumodel:interstage application server plus developerscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.1.0.103

Trust: 0.3

vendor:ubuntumodel:linux lts lpiascope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:11.04

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:6.0.1

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:fujitsumodel:interstage business application server enterprise editionscope:eqversion:8.0.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition 9.1.0ascope: - version: -

Trust: 0.3

vendor:avayamodel:meeting exchangescope:neversion:6.2

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l10cscope:eqversion:6.0

Trust: 0.3

vendor:hpmodel:openvms secure web serverscope:eqversion:2.2

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition bscope:eqversion:9.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l10scope:eqversion:5.0

Trust: 0.3

vendor:hpmodel:system management homepage bscope:eqversion:3.0.2.77

Trust: 0.3

vendor:fujitsumodel:interstage studio enterprise edition bscope:eqversion:9.1.0

Trust: 0.3

vendor:fujitsumodel:interstage business application server enterprise editionscope:eqversion:7.0.1

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:4.0

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:11.04

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.0

Trust: 0.3

vendor:fujitsumodel:interstage business application server enterprise editionscope:eqversion:8.0

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:4

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.2

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.2.1

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2

Trust: 0.3

vendor:fujitsumodel:interstage application server web-j edition l11scope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage application server plus l11scope:eqversion:7.0

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition, scope: eq, version: 5.1.1

Trust: 0.3

vendor: avaya, model: message networking sp1, scope: eq, version: 5.2

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition l10, scope: eq, version: 6.0

Trust: 0.3

vendor: avaya, model: aura application enablement services, scope: eq, version: 4.2.3

Trust: 0.3

vendor: apache, model: apache, scope: eq, version: 2.2.18

Trust: 0.3

vendor: debian, model: linux amd64, scope: eq, version: 5.0

Trust: 0.3

vendor: avaya, model: aura session manager, scope: eq, version: 6.0

Trust: 0.3

vendor: fujitsu, model: interstage studio standard-j edition, scope: eq, version: 9.1

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition a, scope: eq, version: 9.0

Trust: 0.3

vendor: avaya, model: aura communication manager, scope: eq, version: 4.0

Trust: 0.3

vendor: redhat, model: enterprise linux ws, scope: eq, version: 4

Trust: 0.3

vendor: sun, model: solaris 10 x86, scope: -, version: -

Trust: 0.3

vendor: hp, model: system management homepage, scope: eq, version: 3.0.64

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition, scope: eq, version: 6.0.2

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition 9.1.0b, scope: -, version: -

Trust: 0.3

vendor: redhat, model: enterprise linux desktop workstation client, scope: eq, version: 5

Trust: 0.3

vendor: fujitsu, model: interstage studio enterprise edition, scope: eq, version: 9.1

Trust: 0.3

vendor: fujitsu, model: interstage application server web-j edition l20a, scope: eq, version: 5.0

Trust: 0.3

vendor: fujitsu, model: interstage application server standard edition l10a, scope: eq, version: 5.0

Trust: 0.3

vendor: fujitsu, model: interstage apworks modelers-j edition l10a, scope: eq, version: 6.0

Trust: 0.3

vendor: fujitsu, model: interstage application server standard-j edition, scope: eq, version: 9.2

Trust: 0.3

vendor: fujitsu, model: interstage application server standard edition, scope: eq, version: 5.1.1

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition, scope: eq, version: 8.0.1

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition, scope: eq, version: 7.0

Trust: 0.3

vendor: avaya, model: messaging storage server sp1, scope: eq, version: 5.2

Trust: 0.3

vendor: avaya, model: aura communication manager ssp3, scope: ne, version: 5.2.1

Trust: 0.3

vendor: fujitsu, model: interstage application server standard edition l11, scope: eq, version: 5.0

Trust: 0.3

vendor: avaya, model: ip office application server, scope: eq, version: 6.0

Trust: 0.3

vendor: fujitsu, model: interstage application server standard edition, scope: eq, version: 5.1

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition, scope: eq, version: 7.0.1

Trust: 0.3

vendor: hp, model: system management homepage, scope: eq, version: 6.3

Trust: 0.3

vendor: fujitsu, model: interstage application server standard-j edition a, scope: eq, version: 9.0

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition b, scope: eq, version: 9.0.1

Trust: 0.3

vendor: fujitsu, model: interstage business application server standard edition, scope: eq, version: 8.0.1

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition, scope: eq, version: 8.0

Trust: 0.3

vendor: mandriva, model: linux mandrake x86 64, scope: eq, version: 2010.0

Trust: 0.3

vendor: debian, model: linux mipsel, scope: eq, version: 5.0

Trust: 0.3

vendor: debian, model: linux mips, scope: eq, version: 5.0

Trust: 0.3

vendor: debian, model: linux ia-32, scope: eq, version: 5.0

Trust: 0.3

vendor: avaya, model: messaging storage server sp3, scope: eq, version: 5.2

Trust: 0.3

vendor: mandrakesoft, model: enterprise server x86 64, scope: eq, version: 5

Trust: 0.3

vendor: hp, model: system management homepage, scope: eq, version: 0

Trust: 0.3

vendor: avaya, model: aura communication manager, scope: eq, version: 5.2

Trust: 0.3

vendor: avaya, model: messaging storage server, scope: eq, version: 5.2.2

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition l10a, scope: eq, version: 5.0

Trust: 0.3

vendor: redhat, model: enterprise linux desktop, scope: eq, version: 6

Trust: 0.3

vendor: mandriva, model: linux mandrake x86 64, scope: eq, version: 2009.0

Trust: 0.3

vendor: fujitsu, model: interstage application server plus l10b, scope: eq, version: 6.0

Trust: 0.3

vendor: hp, model: system management homepage, scope: eq, version: 6.2.0-12

Trust: 0.3

vendor: fujitsu, model: interstage application server standard-j edition, scope: eq, version: 8.0.1

Trust: 0.3

vendor: avaya, model: messaging storage server, scope: eq, version: 5.2

Trust: 0.3

vendor: xerox, model: freeflow print server 73.c0.41, scope: -, version: -

Trust: 0.3

vendor: hp, model: system management homepage, scope: eq, version: 3.0.68

Trust: 0.3

vendor: avaya, model: aura application enablement services, scope: eq, version: 4.2.1

Trust: 0.3

vendor: fujitsu, model: interstage studio standard-j edition, scope: eq, version: 8.0.1

Trust: 0.3

vendor: debian, model: linux m68k, scope: eq, version: 5.0

Trust: 0.3

vendor: avaya, model: messaging storage server sp2, scope: eq, version: 5.1

Trust: 0.3

vendor: fujitsu, model: interstage studio standard-j edition b, scope: eq, version: 9.1.0

Trust: 0.3

vendor: debian, model: linux arm, scope: eq, version: 5.0

Trust: 0.3

vendor: slackware, model: linux x86 64, scope: eq, version: 13.1

Trust: 0.3

vendor: hp, model: system management homepage, scope: eq, version: 6.1.0.102

Trust: 0.3

vendor: slackware, model: linux x86 64 -current, scope: -, version: -

Trust: 0.3

vendor: mandriva, model: linux mandrake, scope: eq, version: 2010.1

Trust: 0.3

vendor: debian, model: linux ia-64, scope: eq, version: 5.0

Trust: 0.3

sources: BID: 47929 // JVNDB: JVNDB-2011-001668 // CNNVD: CNNVD-201105-237 // NVD: CVE-2011-1928

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-1928
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-1928
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201105-237
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2011-1928
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2011-001668 // CNNVD: CNNVD-201105-237 // NVD: CVE-2011-1928

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.8

sources: JVNDB: JVNDB-2011-001668 // NVD: CVE-2011-1928

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201105-237

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201105-237

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-001668

PATCH

title: Apache HTTP Server 2.2.19 Released, url: http://www.apache.org/dist/httpd/Announcement2.2.html

Trust: 0.8

title: Changes for APR 1.4.5, url: http://www.apache.org/dist/apr/CHANGES-APR-1.4

Trust: 0.8

title: apr-1.2.7-11.AXS3.5, url: https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1444

Trust: 0.8

title: HPSBOV02822 SSRT100966, url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03517954

Trust: 0.8

title: 2223, url: https://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2223

Trust: 0.8

title: 2229, url: https://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2229

Trust: 0.8

title: RHSA-2011:0844, url: https://rhn.redhat.com/errata/RHSA-2011-0844.html

Trust: 0.8

title: multiple_vulnerabilities_in_apache_portable, url: http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_portable

Trust: 0.8

title: Apache HTTP Server and Apache Portable Runtime Remediation of resource management error vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=234644

Trust: 0.6

sources: JVNDB: JVNDB-2011-001668 // CNNVD: CNNVD-201105-237

EXTERNAL IDS

db: NVD, id: CVE-2011-1928

Trust: 3.3

db: SECUNIA, id: 44558

Trust: 2.4

db: SECUNIA, id: 44661

Trust: 2.4

db: SECUNIA, id: 44613

Trust: 1.6

db: SECUNIA, id: 48308

Trust: 1.6

db: SECUNIA, id: 44780

Trust: 1.6

db: VUPEN, id: ADV-2011-1290

Trust: 1.6

db: VUPEN, id: ADV-2011-1289

Trust: 1.6

db: OPENWALL, id: OSS-SECURITY/2011/05/19/10

Trust: 1.6

db: OPENWALL, id: OSS-SECURITY/2011/05/19/5

Trust: 1.6

db: BID, id: 47929

Trust: 1.1

db: JVNDB, id: JVNDB-2011-001668

Trust: 0.8

db: CNNVD, id: CNNVD-201105-237

Trust: 0.6

db: PACKETSTORM, id: 111915

Trust: 0.1

db: PACKETSTORM, id: 126689

Trust: 0.1

db: PACKETSTORM, id: 101599

Trust: 0.1

db: PACKETSTORM, id: 112043

Trust: 0.1

db: PACKETSTORM, id: 117251

Trust: 0.1

db: PACKETSTORM, id: 101611

Trust: 0.1

sources: BID: 47929 // JVNDB: JVNDB-2011-001668 // PACKETSTORM: 111915 // PACKETSTORM: 126689 // PACKETSTORM: 101599 // PACKETSTORM: 112043 // PACKETSTORM: 117251 // PACKETSTORM: 101611 // CNNVD: CNNVD-201105-237 // NVD: CVE-2011-1928

REFERENCES

url:http://secunia.com/advisories/44558

Trust: 2.4

url:http://secunia.com/advisories/44661

Trust: 2.4

url:http://openwall.com/lists/oss-security/2011/05/19/10

Trust: 1.6

url:http://www.vupen.com/english/advisories/2011/1290

Trust: 1.6

url:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627182

Trust: 1.6

url:http://secunia.com/advisories/48308

Trust: 1.6

url:http://www.mandriva.com/security/advisories?name=mdvsa-2011:095

Trust: 1.6

url:http://secunia.com/advisories/44613

Trust: 1.6

url:http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html

Trust: 1.6

url:http://www.redhat.com/support/errata/rhsa-2011-0844.html

Trust: 1.6

url:https://issues.apache.org/bugzilla/show_bug.cgi?id=51219

Trust: 1.6

url:http://www.vupen.com/english/advisories/2011/1289

Trust: 1.6

url:http://marc.info/?l=bugtraq&m=134987041210674&w=2

Trust: 1.6

url:http://openwall.com/lists/oss-security/2011/05/19/5

Trust: 1.6

url:http://mail-archives.apache.org/mod_mbox/www-announce/201105.mbox/%3c4dd55076.1060005%40apache.org%3e

Trust: 1.6

url:http://secunia.com/advisories/44780

Trust: 1.6

url:http://mail-archives.apache.org/mod_mbox/httpd-announce/201105.mbox/%3c4dd55092.3030403%40apache.org%3e

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1928

Trust: 0.9

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1928

Trust: 0.8

url:http://www.securityfocus.com/bid/47929

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2011-0419

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2011-1928

Trust: 0.6

url:httpd-announce/201105.mbox/%3c4dd55092.3030403%40apache.org%3e

Trust: 0.6

url:http://mail-archives.apache.org/mod_mbox/

Trust: 0.6

url:http://mail-archives.apache.org/mod_mbox/httpd-announce/201105.mbox/browser

Trust: 0.3

url:http://apr.apache.org/

Trust: 0.3

url:http://mail-archives.apache.org/mod_mbox/httpd-announce/201105.mbox/raw/%3c4dd55092.3030403@apache.org%3e/2

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100144224

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100150721

Trust: 0.3

url:http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03231301&ac.admitted=1332965374461.876444892.492883150

Trust: 0.3

url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03517954&ac.admitted=1349807398574.876444892.199480143

Trust: 0.3

url:http://www.fujitsu.com/global/support/software/security/products-f/interstage-201104e.html

Trust: 0.3

url:http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_portable

Trust: 0.3

url:http://www.xerox.com/download/security/security-bulletin/1284333-14afb-4baadb5bccb00/cert_xrx12-002_v1.1.pdf

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2010-1623

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-3192

Trust: 0.3

url:http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 0.3

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2010-4409

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1468

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1148

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-3182

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1467

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1471

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-1452

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-0734

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1470

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-2202

Trust: 0.2

url:http://h18000.www1.hp.com/products/servers/management/agents/index.html

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-4645

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1945

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-2068

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1938

Trust: 0.2

url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-3436

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-2483

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-0014

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1464

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1153

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-0195

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2009-0037

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-2192

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-2791

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-3189

Trust: 0.2

url:http://secunia.com/

Trust: 0.2

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.2

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0419

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0840

Trust: 0.1

url:http://security.gentoo.org/glsa/glsa-201405-24.xml

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1928

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0840

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1623

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:http://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3368

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4317

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0031

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3607

Trust: 0.1

url:http://h71000.www7.hp.com/openvms/products/ips/apache/csws_patches.html

Trust: 0.1

url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 0.1

url:http://www.mandriva.com/security/

Trust: 0.1

url:http://store.mandriva.com/product_info.php?cpath=149&products_id=490

Trust: 0.1

url:http://www.mandriva.com/security/advisories

Trust: 0.1

sources: BID: 47929 // JVNDB: JVNDB-2011-001668 // PACKETSTORM: 111915 // PACKETSTORM: 126689 // PACKETSTORM: 101599 // PACKETSTORM: 112043 // PACKETSTORM: 117251 // PACKETSTORM: 101611 // CNNVD: CNNVD-201105-237 // NVD: CVE-2011-1928

CREDITS

Apache Software Foundation

Trust: 0.3

sources: BID: 47929

SOURCES

db: BID, id: 47929
db: JVNDB, id: JVNDB-2011-001668
db: PACKETSTORM, id: 111915
db: PACKETSTORM, id: 126689
db: PACKETSTORM, id: 101599
db: PACKETSTORM, id: 112043
db: PACKETSTORM, id: 117251
db: PACKETSTORM, id: 101611
db: CNNVD, id: CNNVD-201105-237
db: NVD, id: CVE-2011-1928

LAST UPDATE DATE

2024-11-23T20:53:29.022000+00:00


SOURCES UPDATE DATE

db: BID, id: 47929, date: 2015-04-13T22:01:00
db: JVNDB, id: JVNDB-2011-001668, date: 2012-11-28T00:00:00
db: CNNVD, id: CNNVD-201105-237, date: 2023-04-24T00:00:00
db: NVD, id: CVE-2011-1928, date: 2024-11-21T01:27:19.663

SOURCES RELEASE DATE

db: BID, id: 47929, date: 2011-05-19T00:00:00
db: JVNDB, id: JVNDB-2011-001668, date: 2011-06-02T00:00:00
db: PACKETSTORM, id: 111915, date: 2012-04-17T20:34:39
db: PACKETSTORM, id: 126689, date: 2014-05-19T03:19:12
db: PACKETSTORM, id: 101599, date: 2011-05-21T14:45:49
db: PACKETSTORM, id: 112043, date: 2012-04-20T20:15:33
db: PACKETSTORM, id: 117251, date: 2012-10-10T02:28:54
db: PACKETSTORM, id: 101611, date: 2011-05-23T14:26:23
db: CNNVD, id: CNNVD-201105-237, date: 2011-05-23T00:00:00
db: NVD, id: CVE-2011-1928, date: 2011-05-24T23:55:03.573