FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Apache APR -- DoS vulnerabilities

Affected packages
apr1 <


VuXML ID 99a5590c-857e-11e0-96b7-00300582f9fc
Discovery 2011-05-19
Entry 2011-05-23

The Apache Portable Runtime Project reports:

A flaw was discovered in the apr_fnmatch() function in the Apache Portable Runtime (APR) library 1.4.4 (or any backported versions that contained the upstream fix for CVE-2011-0419). This could cause httpd workers to enter a hung state (100% CPU utilization).

apr-util 1.3.11 could cause crashes with httpd's mod_authnz_ldap in some situations.


Bugtraq ID 47929
CVE Name CVE-2011-0419
CVE Name CVE-2011-1928