oval:org.secpod.oval:def:601565 libapr1 is installed

oval:org.secpod.oval:def:706117 apr: Apache Portable Runtime Library APR could be made to expose sensitive information if it received a specially crafted input.

oval:org.secpod.oval:def:89372 Ronald Crane discovered that missing input sanitising in the apr_encode functions of apr, the Apache Portable Runtime library, may result in denial of service or potentially the execution of arbitrary code.

oval:org.secpod.oval:def:1901678 When apr_time_exp* or apr_os_exp_time* functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value ...

oval:org.secpod.oval:def:600527 A flaw was found in the APR library, which could be exploited through Apache HTTPD's mod_autoindex. If a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could be used ...

oval:org.secpod.oval:def:600529 The recent APR update DSA-2237-1 introduced a regression that could lead to an endless loop in the apr_fnmatch function, causing a denial of service. This update fixes this problem. For reference, the description of the original DSA, which fixed CVE-2011-0419: A flaw was found in the APR library, w ...