ID

VAR-201105-0094


CVE

CVE-2011-1928


TITLE

Denial-of-service (infinite loop) vulnerability in the fnmatch implementation of the APR library and Apache HTTP Server

Trust: 0.8

sources: JVNDB: JVNDB-2011-001668

DESCRIPTION

The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419. This vulnerability is due to an incomplete fix for CVE-2011-0419. A third party may cause a denial of service (infinite loop) via a URI that does not match a wildcard pattern type. Apache APR is prone to a denial-of-service vulnerability. Successful exploits may allow the attacker to cause excessive CPU usage, resulting in denial-of-service conditions. Apache APR 1.4.4 is affected.

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: apr security update
Advisory ID:       RHSA-2011:0844-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0844.html
Issue date:        2011-05-31
CVE Names:         CVE-2011-1928
=====================================================================

1. Summary:

Updated apr packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. It provides a free library of C data structures and routines.

The fix for CVE-2011-0419 (released via RHSA-2011:0507) introduced an infinite loop flaw in the apr_fnmatch() function when the APR_FNM_PATHNAME matching flag was used. A remote attacker could possibly use this flaw to cause a denial of service on an application using the apr_fnmatch() function. (CVE-2011-1928)

Note: This problem affected httpd configurations using the "Location" directive with wildcard URLs. The denial of service could have been triggered during normal operation; it did not specifically require a malicious HTTP request.

This update also addresses additional problems introduced by the rewrite of the apr_fnmatch() function, which was necessary to address the CVE-2011-0419 flaw.

All apr users should upgrade to these updated packages, which contain a backported patch to correct this issue. Applications using the apr library, such as httpd, must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

706203 - CVE-2011-1928 apr: DoS flaw in apr_fnmatch() due to fix for CVE-2011-0419

6. Package List:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1928.html
https://access.redhat.com/security/updates/classification/#low
https://rhn.redhat.com/errata/RHSA-2011-0507.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

The Apache Portable Runtime Utility Library (aka APR-Util) provides an interface to functionality such as XML parsing, string matching and database connections. Please review the CVE identifiers referenced below for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Apache Portable Runtime users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/apr-1.4.8-r1"

All users of the APR Utility Library should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/apr-util-1.3.10"

Packages which depend on these libraries may need to be recompiled.
Tools such as revdep-rebuild may assist in identifying some of these packages.

References
==========

[ 1 ] CVE-2010-1623
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1623
[ 2 ] CVE-2011-0419
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0419
[ 3 ] CVE-2011-1928
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1928
[ 4 ] CVE-2012-0840
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0840

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201405-24.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03280632
Version: 2

HPSBMU02764 SSRT100827 rev.2 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS), Execution of Arbitrary Code, Other Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2012-04-16
Last Updated: 2012-04-19

Potential Security Impact: Remote cross site request forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, other vulnerabilities

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely and locally resulting in cross site request forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, and other vulnerabilities.

References: CVE-2009-0037, CVE-2010-0734, CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-2791, CVE-2010-3436, CVE-2010-4409, CVE-2010-4645, CVE-2011-0014, CVE-2011-0195, CVE-2011-0419, CVE-2011-1148, CVE-2011-1153, CVE-2011-1464, CVE-2011-1467, CVE-2011-1468, CVE-2011-1470, CVE-2011-1471, CVE-2011-1928, CVE-2011-1938, CVE-2011-1945, CVE-2011-2192, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3189, CVE-2011-3192, CVE-2011-3267, CVE-2011-3268, CVE-2011-3207, CVE-2011-3210, CVE-2011-3348, CVE-2011-3368, CVE-2011-3639, CVE-2011-3846, SSRT100376, CVE-2012-0135, SSRT100609, CVE-2012-1993, SSRT10043

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP System Management Homepage (SMH) before v7.0 running on Linux and Windows.

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
  Reference              Base Vector             Base Score
CVE-2009-0037    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8
CVE-2010-0734    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8
CVE-2010-1452    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0
CVE-2010-1623    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0
CVE-2010-2068    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0
CVE-2010-2791    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0
CVE-2010-3436    (AV:N/AC:L/Au:N/C:N/I:P/A:N)       5.0
CVE-2010-4409    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0
CVE-2010-4645    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0
CVE-2011-0014    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0
CVE-2011-0195    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3
CVE-2011-0419    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3
CVE-2011-1148    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5
CVE-2011-1153    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5
CVE-2011-1464    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3
CVE-2011-1467    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0
CVE-2011-1468    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3
CVE-2011-1470    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3
CVE-2011-1471    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3
CVE-2011-1928    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3
CVE-2011-1938    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5
CVE-2011-1945    (AV:N/AC:H/Au:N/C:P/I:N/A:N)       2.6
CVE-2011-2192    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3
CVE-2011-2202    (AV:N/AC:L/Au:N/C:N/I:P/A:P)       6.4
CVE-2011-2483    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0
CVE-2011-3182    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0
CVE-2011-3189    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3
CVE-2011-3192    (AV:N/AC:L/Au:N/C:N/I:N/A:C)       7.8
CVE-2011-3267    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0
CVE-2011-3268    (AV:N/AC:L/Au:N/C:C/I:C/A:C)      10.0
CVE-2011-3207    (AV:N/AC:L/Au:N/C:N/I:P/A:N)       5.0
CVE-2011-3210    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0
CVE-2011-3348    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3
CVE-2011-3368    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0
CVE-2011-3639    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3
CVE-2011-3846    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8
CVE-2012-0135    (AV:N/AC:M/Au:S/C:N/I:N/A:P)       3.5
CVE-2012-1993    (AV:L/AC:L/Au:S/C:P/I:P/A:N)       3.2
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

The Hewlett-Packard Company thanks Sow Ching Shiong coordinating with Secunia for reporting CVE-2011-3846 to security-alert@hp.com.

The Hewlett-Packard Company thanks Silent Dream for reporting CVE-2012-0135 to security-alert@hp.com

RESOLUTION

HP has provided HP System Management Homepage v7.0 or subsequent to resolve the vulnerabilities.

SMH v7.0 is available here: http://h18000.www1.hp.com/products/servers/management/agents/index.html

HISTORY
Version:1 (rev.1) 16 April 2012 Initial release
Version:2 (rev.2) 19 April 2012 Remove CVE-2011-4317

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2012 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

HP Secure Web Server (SWS) for OpenVMS V2.2 and earlier.
==========================================================================
Ubuntu Security Notice USN-1134-1
May 24, 2011

apache2, apr vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
- Ubuntu 6.06 LTS

Summary:

A denial of service issue exists that affects the Apache web server. (CVE-2011-1928)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.04:
  libapr1 1.4.2-7ubuntu2.1

Ubuntu 10.10:
  libapr1 1.4.2-3ubuntu1.1

Ubuntu 10.04 LTS:
  libapr1 1.3.8-1ubuntu0.3

Ubuntu 8.04 LTS:
  libapr1 1.2.11-1ubuntu0.2

Ubuntu 6.06 LTS:
  libapr0 2.0.55-4ubuntu2.13

After a standard system update you need to restart the Apache web server or any other service that depends on the APR library to make all the necessary changes.

Packages for 2010.0 are provided as of the Extended Maintenance Program.

Update:

Packages for Mandriva Linux 2010.0 were missing with the MDVSA-2011:095 advisory.

The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

Trust: 2.52

sources: NVD: CVE-2011-1928 // JVNDB: JVNDB-2011-001668 // BID: 47929 // PACKETSTORM: 101874 // PACKETSTORM: 126689 // PACKETSTORM: 112043 // PACKETSTORM: 101574 // PACKETSTORM: 117251 // PACKETSTORM: 101667 // PACKETSTORM: 101611

AFFECTED PRODUCTS

vendor:apachemodel:apr-utilscope:eqversion:1.4.4

Trust: 1.9

vendor:apachemodel:apr-utilscope:eqversion:1.4.3

Trust: 1.6

vendor:apachemodel:http serverscope:eqversion:2.2.18

Trust: 1.6

vendor:apachemodel:http serverscope:ltversion:2.2.19

Trust: 0.8

vendor:apachemodel:portable runtimescope:ltversion:1.4.5

Trust: 0.8

vendor:oraclemodel:solarisscope:eqversion:10

Trust: 0.8

vendor:oraclemodel:solarisscope:eqversion:11 express

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3 (x86)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3 (x86-64)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3.0

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3.0 (x86-64)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:4.0

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:4.0 (x86-64)

Trust: 0.8

vendor:hewlett packardmodel:hp secure web server for openvmsscope:lteversion:v2.2

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (ws)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4.8 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4.8 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:5 (server)

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:4.0

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:5.0 (client)

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:enterprise linux eusscope:eqversion:5.6.z (server)

Trust: 0.8

vendor:red hatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.8

vendor:red hatmodel:enterprise linux long lifescope:eqversion:(v. 5.6 server)

Trust: 0.8

vendor:red hatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:enterprise linux server eusscope:eqversion:6.1.z

Trust: 0.8

vendor:red hatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:rhel desktop workstationscope:eqversion:5 (client)

Trust: 0.8

vendor:fujitsumodel:interstage job workload serverscope:eqversion:8.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.2

Trust: 0.3

vendor:debianmodel:linux armelscope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:8.0

Trust: 0.3

vendor:fujitsumodel:interstage studio enterprise editionscope:eqversion:8.0.1

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.0

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:1.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:5.0.1

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc node optionalscope:eqversion:6

Trust: 0.3

vendor:fujitsumodel:interstage application server web-j edition l10bscope:eqversion:5.0

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux hppascope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage application server plus l11scope:eqversion:6.0

Trust: 0.3

vendor:fujitsumodel:interstage application server plusscope:eqversion:7.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l11scope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage application server plus l10scope:eqversion:6.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.0

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.0

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:fujitsumodel:interstage application server plusscope:eqversion:7.0.1

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1

Trust: 0.3

vendor:fujitsumodel:interstage application server plus developerscope:eqversion:7.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:fujitsumodel:interstage application server standard editionscope:eqversion:5.0.1

Trust: 0.3

vendor:mandrakesoftmodel:corporate server x86 64scope:eqversion:4.0

Trust: 0.3

vendor:fujitsumodel:interstage studio standard-j editionscope:eqversion:9.2

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.1

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:6.06

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.1.0-103

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:9.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.0.0.95

Trust: 0.3

vendor:mandrakesoftmodel:enterprise serverscope:eqversion:5

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.0.1.73

Trust: 0.3

vendor:fujitsumodel:interstage studio standard-j editionscope:eqversion:9.0

Trust: 0.3

vendor:avayamodel:voice portal sp2scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.3

Trust: 0.3

vendor:fujitsumodel:interstage studio enterprise editionscope:eqversion:9.2

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition 6.0ascope: - version: -

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:4

Trust: 0.3

vendor:fujitsumodel:interstage apworks modelers-j edition l10scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.0

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop versionscope:eqversion:4

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.2

Trust: 0.3

vendor:fujitsumodel:interstage studio enterprise editionscope:eqversion:9.0

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:8.04

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.0.0-95

Trust: 0.3

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:fujitsumodel:interstage application server plus developer l10scope:eqversion:7.0

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.10

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0.3

Trust: 0.3

vendor:fujitsumodel:interstage business application server standard editionscope:eqversion:8.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:neversion:7.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0.2

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.0.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l10scope:eqversion:7.0

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:8.04

Trust: 0.3

vendor:fujitsumodel:interstage application server standard editionscope:eqversion:8.0

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop clientscope:eqversion:5

Trust: 0.3

vendor:fujitsumodel:interstage application server plusscope:eqversion:5.0.1

Trust: 0.3

vendor:fujitsumodel:interstage application server web-j edition l10scope:eqversion:5.0

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.04

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j edition bscope:eqversion:9.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:11.0

Trust: 0.3

vendor:apachemodel:aprscope:neversion:1.4.5

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:5.0

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:6.06

Trust: 0.3

vendor:fujitsumodel:interstage application server standard editionscope:eqversion:8.0.3

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.37

Trust: 0.3

vendor:fujitsumodel:interstage application server plus developerscope:eqversion:5.0.1

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:1.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition l20scope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage application server web-j edition l20scope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage application server plus l10ascope:eqversion:6.0

Trust: 0.3

vendor: sun, model: solaris express, scope: eq, version: 10

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition, scope: eq, version: 5.0

Trust: 0.3

vendor: fujitsu, model: interstage apworks modelers-j edition 6.0a, scope: -, version: -

Trust: 0.3

vendor: hp, model: system management homepage, scope: eq, version: 3.0.0-68

Trust: 0.3

vendor: ubuntu, model: linux amd64, scope: eq, version: 11.04

Trust: 0.3

vendor: fujitsu, model: interstage application server standard-j edition, scope: eq, version: 8.0.3

Trust: 0.3

vendor: fujitsu, model: interstage application server web-j edition, scope: eq, version: 5.0.1

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition l20a, scope: eq, version: 5.0

Trust: 0.3

vendor: fujitsu, model: interstage application server standard-j edition, scope: eq, version: 8.0.2

Trust: 0.3

vendor: fujitsu, model: interstage application server standard-j edition, scope: eq, version: 9.0.1

Trust: 0.3

vendor: sun, model: solaris express, scope: eq, version: 11

Trust: 0.3

vendor: avaya, model: message networking, scope: eq, version: 5.2.2

Trust: 0.3

vendor: ubuntu, model: linux i386, scope: eq, version: 10.04

Trust: 0.3

vendor: mandriva, model: linux mandrake, scope: eq, version: 2010.0

Trust: 0.3

vendor: avaya, model: aura communication manager, scope: eq, version: 6.0

Trust: 0.3

vendor: avaya, model: aura application enablement services, scope: eq, version: 4.2.2

Trust: 0.3

vendor: ubuntu, model: linux lts sparc, scope: eq, version: 8.04

Trust: 0.3

vendor: hp, model: system management homepage, scope: eq, version: 3.0.2-77

Trust: 0.3

vendor: fujitsu, model: interstage application server standard edition l10, scope: eq, version: 5.0

Trust: 0.3

vendor: ubuntu, model: linux lts amd64, scope: eq, version: 6.06

Trust: 0.3

vendor: avaya, model: aura system platform, scope: eq, version: 6.0

Trust: 0.3

vendor: hp, model: system management homepage, scope: eq, version: 6.1

Trust: 0.3

vendor: avaya, model: messaging storage server, scope: eq, version: 5.2.8

Trust: 0.3

vendor: ubuntu, model: linux amd64, scope: eq, version: 10.10

Trust: 0.3

vendor: ubuntu, model: linux lts i386, scope: eq, version: 8.04

Trust: 0.3

vendor: fujitsu, model: interstage application server web-j edition l10a, scope: eq, version: 5.0

Trust: 0.3

vendor: avaya, model: aura application enablement services, scope: eq, version: 4.2

Trust: 0.3

vendor: fujitsu, model: interstage application server standard edition, scope: eq, version: 5.0

Trust: 0.3

vendor: mandriva, model: linux mandrake, scope: eq, version: 2009.0

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition, scope: eq, version: 6.0

Trust: 0.3

vendor: avaya, model: messaging storage server, scope: eq, version: 5.1

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition, scope: eq, version: 9.1

Trust: 0.3

vendor: avaya, model: aura sip enablement services ssp3, scope: ne, version: 5.2.1

Trust: 0.3

vendor: avaya, model: aura communication manager, scope: ne, version: 6.2

Trust: 0.3

vendor: slackware, model: linux -current, scope: -, version: -

Trust: 0.3

vendor: ubuntu, model: linux i386, scope: eq, version: 11.04

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition l10b, scope: eq, version: 6.0

Trust: 0.3

vendor: avaya, model: messaging storage server sp2, scope: eq, version: 5.2

Trust: 0.3

vendor: avaya, model: messaging storage server sp1, scope: eq, version: 5.1

Trust: 0.3

vendor: avaya, model: aura system platform sp3, scope: eq, version: 6.0

Trust: 0.3

vendor: avaya, model: message networking, scope: eq, version: 5.2.1

Trust: 0.3

vendor: slackware, model: linux, scope: eq, version: 13.1

Trust: 0.3

vendor: avaya, model: aura system platform sp2, scope: eq, version: 6.0

Trust: 0.3

vendor: hp, model: system management homepage, scope: eq, version: 3.0.2.77

Trust: 0.3

vendor: avaya, model: aura sip enablement services, scope: eq, version: 4.0

Trust: 0.3

vendor: avaya, model: aura session manager, scope: eq, version: 6.1

Trust: 0.3

vendor: fujitsu, model: interstage application server plus l10c, scope: eq, version: 6.0

Trust: 0.3

vendor: avaya, model: aura application enablement services, scope: eq, version: 5.2.2

Trust: 0.3

vendor: fujitsu, model: interstage application server standard edition l20, scope: eq, version: 5.0

Trust: 0.3

vendor: ubuntu, model: linux powerpc, scope: eq, version: 10.10

Trust: 0.3

vendor: apache, model: apr, scope: eq, version: 1.4.4

Trust: 0.3

vendor: fujitsu, model: interstage application server standard-j edition 9.1.0b, scope: -, version: -

Trust: 0.3

vendor: slackware, model: linux, scope: eq, version: 12.1

Trust: 0.3

vendor: fujitsu, model: interstage application server standard-j edition b, scope: eq, version: 9.0.1

Trust: 0.3

vendor: debian, model: linux, scope: eq, version: 5.0

Trust: 0.3

vendor: slackware, model: linux, scope: eq, version: 13.37

Trust: 0.3

vendor: hp, model: system management homepage, scope: eq, version: 3.0.1-73

Trust: 0.3

vendor: apache, model: apache, scope: ne, version: 2.2.19

Trust: 0.3

vendor: avaya, model: aura communication manager, scope: eq, version: 5.1

Trust: 0.3

vendor: fujitsu, model: interstage application server plus developer l10, scope: eq, version: 6.0

Trust: 0.3

vendor: slackware, model: linux, scope: eq, version: 13.0

Trust: 0.3

vendor: xerox, model: freeflow print server 73.b3.61, scope: -, version: -

Trust: 0.3

vendor: hp, model: system management homepage, scope: eq, version: 6.2.27

Trust: 0.3

vendor: fujitsu, model: interstage application server standard edition l10b, scope: eq, version: 5.0

Trust: 0.3

vendor: fujitsu, model: interstage apworks modelers-j edition, scope: eq, version: 7.0

Trust: 0.3

vendor: fujitsu, model: interstage application server plus l10, scope: eq, version: 7.0

Trust: 0.3

vendor: ubuntu, model: linux arm, scope: eq, version: 10.10

Trust: 0.3

vendor: fujitsu, model: interstage application server standard-j edition, scope: eq, version: 9.1

Trust: 0.3

vendor: ubuntu, model: linux lts sparc, scope: eq, version: 6.06

Trust: 0.3

vendor: mandrakesoft, model: corporate server, scope: eq, version: 4.0

Trust: 0.3

vendor: avaya, model: ip office application server, scope: eq, version: 6.1

Trust: 0.3

vendor: fujitsu, model: interstage application server standard edition l20a, scope: eq, version: 5.0

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition, scope: eq, version: 5.1

Trust: 0.3

vendor: avaya, model: aura application enablement services, scope: eq, version: 5.2.1

Trust: 0.3

vendor: ubuntu, model: linux sparc, scope: eq, version: 10.04

Trust: 0.3

vendor: redhat, model: enterprise linux desktop optional, scope: eq, version: 6

Trust: 0.3

vendor: avaya, model: meeting exchange, scope: eq, version: 5.0

Trust: 0.3

vendor: mandriva, model: linux mandrake x86 64, scope: eq, version: 2010.1

Trust: 0.3

vendor: sun, model: solaris 10 sparc, scope: -, version: -

Trust: 0.3

vendor: avaya, model: voice portal sp1, scope: eq, version: 5.1

Trust: 0.3

vendor: hp, model: system management homepage, scope: eq, version: 6.0.96

Trust: 0.3

vendor: avaya, model: message networking, scope: eq, version: 3.1

Trust: 0.3

vendor: avaya, model: ip office application server, scope: eq, version: 7.0

Trust: 0.3

vendor: gentoo, model: linux, scope: -, version: -

Trust: 0.3

vendor: ubuntu, model: linux powerpc, scope: eq, version: 10.04

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition l11, scope: eq, version: 7.0

Trust: 0.3

vendor: redhat, model: enterprise linux hpc node, scope: eq, version: 6

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition l10b, scope: eq, version: 5.0

Trust: 0.3

vendor: avaya, model: interactive response, scope: eq, version: 4.0

Trust: 0.3

vendor: fujitsu, model: interstage application server plus, scope: eq, version: 6.0

Trust: 0.3

vendor: avaya, model: aura communication manager, scope: eq, version: 6.0.1

Trust: 0.3

vendor: fujitsu, model: interstage application server web-j edition, scope: eq, version: 5.0

Trust: 0.3

vendor: avaya, model: voice portal, scope: eq, version: 5.0

Trust: 0.3

vendor: avaya, model: aura session manager, scope: eq, version: 5.2

Trust: 0.3

vendor: debian, model: linux alpha, scope: eq, version: 5.0

Trust: 0.3

vendor: fujitsu, model: interstage apworks modelers-j edition l10, scope: eq, version: 7.0

Trust: 0.3

vendor: fujitsu, model: interstage application server plus developer, scope: eq, version: 6.0

Trust: 0.3

vendor: avaya, model: aura sip enablement services, scope: eq, version: 5.0

Trust: 0.3

vendor: hp, model: system management homepage, scope: eq, version: 6.1.0.103

Trust: 0.3

vendor: ubuntu, model: linux lts lpia, scope: eq, version: 8.04

Trust: 0.3

vendor: ubuntu, model: linux arm, scope: eq, version: 10.04

Trust: 0.3

vendor: ubuntu, model: linux powerpc, scope: eq, version: 11.04

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition, scope: eq, version: 6.0.1

Trust: 0.3

vendor: redhat, model: enterprise linux server, scope: eq, version: 5

Trust: 0.3

vendor: fujitsu, model: interstage business application server enterprise edition, scope: eq, version: 8.0.1

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition 9.1.0a, scope: -, version: -

Trust: 0.3

vendor: avaya, model: meeting exchange, scope: ne, version: 6.2

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition l10c, scope: eq, version: 6.0

Trust: 0.3

vendor: hp, model: openvms secure web server, scope: eq, version: 2.2

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition b, scope: eq, version: 9.0

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition l10, scope: eq, version: 5.0

Trust: 0.3

vendor: hp, model: system management homepage b, scope: eq, version: 3.0.2.77

Trust: 0.3

vendor: fujitsu, model: interstage studio enterprise edition b, scope: eq, version: 9.1.0

Trust: 0.3

vendor: fujitsu, model: interstage business application server enterprise edition, scope: eq, version: 7.0.1

Trust: 0.3

vendor: avaya, model: messaging storage server, scope: eq, version: 4.0

Trust: 0.3

vendor: ubuntu, model: linux arm, scope: eq, version: 11.04

Trust: 0.3

vendor: hp, model: system management homepage, scope: eq, version: 6.0

Trust: 0.3

vendor: fujitsu, model: interstage business application server enterprise edition, scope: eq, version: 8.0

Trust: 0.3

vendor: redhat, model: enterprise linux as, scope: eq, version: 4

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition, scope: eq, version: 9.2

Trust: 0.3

vendor: debian, model: linux s/390, scope: eq, version: 5.0

Trust: 0.3

vendor: avaya, model: aura sip enablement services, scope: eq, version: 5.2.1

Trust: 0.3

vendor: avaya, model: message networking, scope: eq, version: 5.2

Trust: 0.3

vendor: fujitsu, model: interstage application server web-j edition l11, scope: eq, version: 5.0

Trust: 0.3

vendor: fujitsu, model: interstage application server plus l11, scope: eq, version: 7.0

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition, scope: eq, version: 5.1.1

Trust: 0.3

vendor: avaya, model: message networking sp1, scope: eq, version: 5.2

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition l10, scope: eq, version: 6.0

Trust: 0.3

vendor: avaya, model: aura application enablement services, scope: eq, version: 4.2.3

Trust: 0.3

vendor: apache, model: apache, scope: eq, version: 2.2.18

Trust: 0.3

vendor: debian, model: linux amd64, scope: eq, version: 5.0

Trust: 0.3

vendor: avaya, model: aura session manager, scope: eq, version: 6.0

Trust: 0.3

vendor: fujitsu, model: interstage studio standard-j edition, scope: eq, version: 9.1

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition a, scope: eq, version: 9.0

Trust: 0.3

vendor: avaya, model: aura communication manager, scope: eq, version: 4.0

Trust: 0.3

vendor: redhat, model: enterprise linux ws, scope: eq, version: 4

Trust: 0.3

vendor: sun, model: solaris 10 x86, scope: -, version: -

Trust: 0.3

vendor: hp, model: system management homepage, scope: eq, version: 3.0.64

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition, scope: eq, version: 6.0.2

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition 9.1.0b, scope: -, version: -

Trust: 0.3

vendor: redhat, model: enterprise linux desktop workstation client, scope: eq, version: 5

Trust: 0.3

vendor: fujitsu, model: interstage studio enterprise edition, scope: eq, version: 9.1

Trust: 0.3

vendor: fujitsu, model: interstage application server web-j edition l20a, scope: eq, version: 5.0

Trust: 0.3

vendor: fujitsu, model: interstage application server standard edition l10a, scope: eq, version: 5.0

Trust: 0.3

vendor: fujitsu, model: interstage apworks modelers-j edition l10a, scope: eq, version: 6.0

Trust: 0.3

vendor: fujitsu, model: interstage application server standard-j edition, scope: eq, version: 9.2

Trust: 0.3

vendor: fujitsu, model: interstage application server standard edition, scope: eq, version: 5.1.1

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition, scope: eq, version: 8.0.1

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition, scope: eq, version: 7.0

Trust: 0.3

vendor: avaya, model: messaging storage server sp1, scope: eq, version: 5.2

Trust: 0.3

vendor: avaya, model: aura communication manager ssp3, scope: ne, version: 5.2.1

Trust: 0.3

vendor: fujitsu, model: interstage application server standard edition l11, scope: eq, version: 5.0

Trust: 0.3

vendor: avaya, model: ip office application server, scope: eq, version: 6.0

Trust: 0.3

vendor: fujitsu, model: interstage application server standard edition, scope: eq, version: 5.1

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition, scope: eq, version: 7.0.1

Trust: 0.3

vendor: hp, model: system management homepage, scope: eq, version: 6.3

Trust: 0.3

vendor: fujitsu, model: interstage application server standard-j edition a, scope: eq, version: 9.0

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition b, scope: eq, version: 9.0.1

Trust: 0.3

vendor: fujitsu, model: interstage business application server standard edition, scope: eq, version: 8.0.1

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition, scope: eq, version: 8.0

Trust: 0.3

vendor: mandriva, model: linux mandrake x86 64, scope: eq, version: 2010.0

Trust: 0.3

vendor: debian, model: linux mipsel, scope: eq, version: 5.0

Trust: 0.3

vendor: debian, model: linux mips, scope: eq, version: 5.0

Trust: 0.3

vendor: debian, model: linux ia-32, scope: eq, version: 5.0

Trust: 0.3

vendor: avaya, model: messaging storage server sp3, scope: eq, version: 5.2

Trust: 0.3

vendor: mandrakesoft, model: enterprise server x86 64, scope: eq, version: 5

Trust: 0.3

vendor: hp, model: system management homepage, scope: eq, version: 0

Trust: 0.3

vendor: avaya, model: aura communication manager, scope: eq, version: 5.2

Trust: 0.3

vendor: avaya, model: messaging storage server, scope: eq, version: 5.2.2

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition l10a, scope: eq, version: 5.0

Trust: 0.3

vendor: redhat, model: enterprise linux desktop, scope: eq, version: 6

Trust: 0.3

vendor: mandriva, model: linux mandrake x86 64, scope: eq, version: 2009.0

Trust: 0.3

vendor: fujitsu, model: interstage application server plus l10b, scope: eq, version: 6.0

Trust: 0.3

vendor: hp, model: system management homepage, scope: eq, version: 6.2.0-12

Trust: 0.3

vendor: fujitsu, model: interstage application server standard-j edition, scope: eq, version: 8.0.1

Trust: 0.3

vendor: avaya, model: messaging storage server, scope: eq, version: 5.2

Trust: 0.3

vendor: xerox, model: freeflow print server 73.c0.41, scope: -, version: -

Trust: 0.3

vendor: hp, model: system management homepage, scope: eq, version: 3.0.68

Trust: 0.3

vendor: avaya, model: aura application enablement services, scope: eq, version: 4.2.1

Trust: 0.3

vendor: fujitsu, model: interstage studio standard-j edition, scope: eq, version: 8.0.1

Trust: 0.3

vendor: debian, model: linux m68k, scope: eq, version: 5.0

Trust: 0.3

vendor: avaya, model: messaging storage server sp2, scope: eq, version: 5.1

Trust: 0.3

vendor: fujitsu, model: interstage studio standard-j edition b, scope: eq, version: 9.1.0

Trust: 0.3

vendor: debian, model: linux arm, scope: eq, version: 5.0

Trust: 0.3

vendor: slackware, model: linux x86 64, scope: eq, version: 13.1

Trust: 0.3

vendor: hp, model: system management homepage, scope: eq, version: 6.1.0.102

Trust: 0.3

vendor: slackware, model: linux x86 64 -current, scope: -, version: -

Trust: 0.3

vendor: mandriva, model: linux mandrake, scope: eq, version: 2010.1

Trust: 0.3

vendor: debian, model: linux ia-64, scope: eq, version: 5.0

Trust: 0.3

sources: BID: 47929 // JVNDB: JVNDB-2011-001668 // CNNVD: CNNVD-201105-237 // NVD: CVE-2011-1928

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-1928
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-1928
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201105-237
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2011-1928
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2011-001668 // CNNVD: CNNVD-201105-237 // NVD: CVE-2011-1928

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.8

sources: JVNDB: JVNDB-2011-001668 // NVD: CVE-2011-1928

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 101874 // PACKETSTORM: 101667 // CNNVD: CNNVD-201105-237

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201105-237

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-001668

PATCH

title: Apache HTTP Server 2.2.19 Released
url: http://www.apache.org/dist/httpd/Announcement2.2.html

Trust: 0.8

title: Changes for APR 1.4.5
url: http://www.apache.org/dist/apr/CHANGES-APR-1.4

Trust: 0.8

title: apr-1.2.7-11.AXS3.5
url: https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1444

Trust: 0.8

title: HPSBOV02822 SSRT100966
url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03517954

Trust: 0.8

title: 2223
url: https://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2223

Trust: 0.8

title: 2229
url: https://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2229

Trust: 0.8

title: RHSA-2011:0844
url: https://rhn.redhat.com/errata/RHSA-2011-0844.html

Trust: 0.8

title: multiple_vulnerabilities_in_apache_portable
url: http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_portable

Trust: 0.8

title: Apache HTTP Server and Apache Portable Runtime Remediation of resource management error vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=234644

Trust: 0.6

sources: JVNDB: JVNDB-2011-001668 // CNNVD: CNNVD-201105-237

EXTERNAL IDS

db: NVD, id: CVE-2011-1928

Trust: 3.4

db: SECUNIA, id: 44558

Trust: 2.4

db: SECUNIA, id: 44661

Trust: 2.4

db: SECUNIA, id: 44613

Trust: 1.6

db: SECUNIA, id: 48308

Trust: 1.6

db: SECUNIA, id: 44780

Trust: 1.6

db: VUPEN, id: ADV-2011-1290

Trust: 1.6

db: VUPEN, id: ADV-2011-1289

Trust: 1.6

db: OPENWALL, id: OSS-SECURITY/2011/05/19/10

Trust: 1.6

db: OPENWALL, id: OSS-SECURITY/2011/05/19/5

Trust: 1.6

db: BID, id: 47929

Trust: 1.1

db: JVNDB, id: JVNDB-2011-001668

Trust: 0.8

db: CNNVD, id: CNNVD-201105-237

Trust: 0.6

db: PACKETSTORM, id: 101874

Trust: 0.1

db: PACKETSTORM, id: 126689

Trust: 0.1

db: PACKETSTORM, id: 112043

Trust: 0.1

db: PACKETSTORM, id: 101574

Trust: 0.1

db: PACKETSTORM, id: 117251

Trust: 0.1

db: PACKETSTORM, id: 101667

Trust: 0.1

db: PACKETSTORM, id: 101611

Trust: 0.1

sources: BID: 47929 // JVNDB: JVNDB-2011-001668 // PACKETSTORM: 101874 // PACKETSTORM: 126689 // PACKETSTORM: 112043 // PACKETSTORM: 101574 // PACKETSTORM: 117251 // PACKETSTORM: 101667 // PACKETSTORM: 101611 // CNNVD: CNNVD-201105-237 // NVD: CVE-2011-1928

REFERENCES

url:http://secunia.com/advisories/44558

Trust: 2.4

url:http://secunia.com/advisories/44661

Trust: 2.4

url:http://openwall.com/lists/oss-security/2011/05/19/10

Trust: 1.6

url:http://www.vupen.com/english/advisories/2011/1290

Trust: 1.6

url:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627182

Trust: 1.6

url:http://secunia.com/advisories/48308

Trust: 1.6

url:http://www.mandriva.com/security/advisories?name=mdvsa-2011:095

Trust: 1.6

url:http://secunia.com/advisories/44613

Trust: 1.6

url:http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html

Trust: 1.6

url:http://www.redhat.com/support/errata/rhsa-2011-0844.html

Trust: 1.6

url:https://issues.apache.org/bugzilla/show_bug.cgi?id=51219

Trust: 1.6

url:http://www.vupen.com/english/advisories/2011/1289

Trust: 1.6

url:http://marc.info/?l=bugtraq&m=134987041210674&w=2

Trust: 1.6

url:http://openwall.com/lists/oss-security/2011/05/19/5

Trust: 1.6

url:http://mail-archives.apache.org/mod_mbox/www-announce/201105.mbox/%3c4dd55076.1060005%40apache.org%3e

Trust: 1.6

url:http://secunia.com/advisories/44780

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1928

Trust: 1.0

url:http://mail-archives.apache.org/mod_mbox/httpd-announce/201105.mbox/%3c4dd55092.3030403%40apache.org%3e

Trust: 1.0

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1928

Trust: 0.8

url:http://www.securityfocus.com/bid/47929

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2011-1928

Trust: 0.7

url:httpd-announce/201105.mbox/%3c4dd55092.3030403%40apache.org%3e

Trust: 0.6

url:http://mail-archives.apache.org/mod_mbox/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2011-0419

Trust: 0.5

url:http://mail-archives.apache.org/mod_mbox/httpd-announce/201105.mbox/browser

Trust: 0.3

url:http://apr.apache.org/

Trust: 0.3

url:http://mail-archives.apache.org/mod_mbox/httpd-announce/201105.mbox/raw/%3c4dd55092.3030403@apache.org%3e/2

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100144224

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100150721

Trust: 0.3

url:http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03231301&ac.admitted=1332965374461.876444892.492883150

Trust: 0.3

url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03517954&ac.admitted=1349807398574.876444892.199480143

Trust: 0.3

url:http://www.fujitsu.com/global/support/software/security/products-f/interstage-201104e.html

Trust: 0.3

url:http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_portable

Trust: 0.3

url:http://www.xerox.com/download/security/security-bulletin/1284333-14afb-4baadb5bccb00/cert_xrx12-002_v1.1.pdf

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2010-1623

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-3192

Trust: 0.2

url:http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 0.2

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 0.2

url:http://www.mandriva.com/security/

Trust: 0.2

url:http://store.mandriva.com/product_info.php?cpath=149&products_id=490

Trust: 0.2

url:http://secunia.com/

Trust: 0.2

url:http://www.mandriva.com/security/advisories

Trust: 0.2

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.2

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2011-0844.html

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#low

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:https://access.redhat.com/kb/docs/doc-11259

Trust: 0.1

url:https://access.redhat.com/security/team/key/#package

Trust: 0.1

url:http://bugzilla.redhat.com/):

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2011-0507.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-1928.html

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0419

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0840

Trust: 0.1

url:http://security.gentoo.org/glsa/glsa-201405-24.xml

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1928

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0840

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1623

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-4409

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1468

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1148

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3182

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1467

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1471

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-1452

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0734

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1470

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2202

Trust: 0.1

url:http://h18000.www1.hp.com/products/servers/management/agents/index.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-4645

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1945

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-2068

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1938

Trust: 0.1

url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3436

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2483

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0014

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1464

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1153

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0195

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-0037

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2192

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-2791

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3189

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3368

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4317

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0031

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3607

Trust: 0.1

url:http://h71000.www7.hp.com/openvms/products/ips/apache/csws_patches.html

Trust: 0.1

url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apr/1.4.2-7ubuntu2.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.0.55-4ubuntu2.13

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apr/1.3.8-1ubuntu0.3

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apr/1.4.2-3ubuntu1.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apr/1.2.11-1ubuntu0.2

Trust: 0.1

sources: BID: 47929 // JVNDB: JVNDB-2011-001668 // PACKETSTORM: 101874 // PACKETSTORM: 126689 // PACKETSTORM: 112043 // PACKETSTORM: 101574 // PACKETSTORM: 117251 // PACKETSTORM: 101667 // PACKETSTORM: 101611 // CNNVD: CNNVD-201105-237 // NVD: CVE-2011-1928

CREDITS

Apache Software Foundation

Trust: 0.3

sources: BID: 47929

SOURCES

db: BID, id: 47929
db: JVNDB, id: JVNDB-2011-001668
db: PACKETSTORM, id: 101874
db: PACKETSTORM, id: 126689
db: PACKETSTORM, id: 112043
db: PACKETSTORM, id: 101574
db: PACKETSTORM, id: 117251
db: PACKETSTORM, id: 101667
db: PACKETSTORM, id: 101611
db: CNNVD, id: CNNVD-201105-237
db: NVD, id: CVE-2011-1928

LAST UPDATE DATE

2024-11-07T21:37:27.184000+00:00


SOURCES UPDATE DATE

db: BID, id: 47929, date: 2015-04-13T22:01:00
db: JVNDB, id: JVNDB-2011-001668, date: 2012-11-28T00:00:00
db: CNNVD, id: CNNVD-201105-237, date: 2023-04-24T00:00:00
db: NVD, id: CVE-2011-1928, date: 2023-11-07T02:07:16.003

SOURCES RELEASE DATE

db: BID, id: 47929, date: 2011-05-19T00:00:00
db: JVNDB, id: JVNDB-2011-001668, date: 2011-06-02T00:00:00
db: PACKETSTORM, id: 101874, date: 2011-06-01T06:15:42
db: PACKETSTORM, id: 126689, date: 2014-05-19T03:19:12
db: PACKETSTORM, id: 112043, date: 2012-04-20T20:15:33
db: PACKETSTORM, id: 101574, date: 2011-05-20T14:20:08
db: PACKETSTORM, id: 117251, date: 2012-10-10T02:28:54
db: PACKETSTORM, id: 101667, date: 2011-05-25T05:53:12
db: PACKETSTORM, id: 101611, date: 2011-05-23T14:26:23
db: CNNVD, id: CNNVD-201105-237, date: 2011-05-23T00:00:00
db: NVD, id: CVE-2011-1928, date: 2011-05-24T23:55:03.573