Signature Detail

Short Name	HTTP:APACHE:APR-DOS
Severity	High
Recommended	No
Recommended Action	Drop
Category	HTTP
Keywords	Apache APR apr_fnmatch Stack Overflow Denial of Service
Release Date	2011/06/22
Update Number	1943
Supported Platforms	idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Apache APR apr_fnmatch Stack Overflow Denial of Service

This signature detects attempts to exploit a known vulnerability against the Apache HTTP service.Its due to improper implementation of fnmatch, in the apr_fnmatch.c component. A remote attacker can exploit this vulnerability on target systems which host applications utilizing the affected APR. A successful attack would cause a denial of service condition on the target server.

Extended Description

Apache APR is prone to a vulnerability that may allow attackers to cause a denial-of-service condition. Apache APR versions prior to 1.4.4 are vulnerable.

Affected Products

Apache Software Foundation Apache 2.2.0
Apache Software Foundation Apache 2.2.1
Apache Software Foundation Apache 2.2.10
Apache Software Foundation Apache 2.2.11
Apache Software Foundation Apache 2.2.12
Apache Software Foundation Apache 2.2.13
Apache Software Foundation Apache 2.2.14
Apache Software Foundation Apache 2.2.15
Apache Software Foundation Apache 2.2.15-Dev
Apache Software Foundation Apache 2.2.16
Apache Software Foundation Apache 2.2.17
Apache Software Foundation Apache 2.2.2
Apache Software Foundation Apache 2.2.3
Apache Software Foundation Apache 2.2.4
Apache Software Foundation Apache 2.2.5
Apache Software Foundation Apache 2.2.5-Dev
Apache Software Foundation Apache 2.2.6
Apache Software Foundation Apache 2.2.6-Dev
Apache Software Foundation Apache 2.2.7-Dev
Apache Software Foundation Apache 2.2.8
Apache Software Foundation Apache 2.2.9
Apache Software Foundation APR 1.4.2
Apache Software Foundation APR 1.4.3
Apple Mac Os X 10.6.5
Apple Mac Os X 10.6.6
Apple Mac Os X 10.6.7
Apple Mac Os X 10.6.8
Apple Mac Os X 10.7
Apple Mac Os X 10.7.1
Apple Mac OS X 10.6
Apple Mac OS X 10.6.1
Apple Mac OS X 10.6.2
Apple Mac OS X 10.6.3
Apple Mac OS X 10.6.4
Apple Mac OS X 10.6.5
Apple Mac Os X Server 10.6.7
Apple Mac Os X Server 10.6.8
Apple Mac Os X Server 10.7
Apple Mac Os X Server 10.7.1
Apple Mac OS X Server 10.6
Apple Mac OS X Server 10.6.1
Apple Mac OS X Server 10.6.2
Apple Mac OS X Server 10.6.3
Apple Mac OS X Server 10.6.4
Apple Mac OS X Server 10.6.5
Apple Mac OS X Server 10.6.5
Apple Mac OS X Server 10.6.6
Avaya Aura Application Enablement Services 5.2
Avaya Aura Application Enablement Services 5.2.1
Avaya Aura Application Enablement Services 5.2.2
Avaya Aura Application Enablement Services 5.2.3
Avaya Aura Application Enablement Services 6.1
Avaya Aura Communication Manager 4.0
Avaya Aura Communication Manager 4.0
Avaya Aura Communication Manager 5.1
Avaya Aura Communication Manager 5.2
Avaya Aura Communication Manager 5.2.1
Avaya Aura Communication Manager 6.0
Avaya Aura Communication Manager 6.0.1
Avaya Aura Communication Manager Utility Services 6.0
Avaya Aura Communication Manager Utility Services 6.1
Avaya Aura Session Manager 1.1
Avaya Aura Session Manager 5.2
Avaya Aura Session Manager 6.0
Avaya Aura Session Manager 6.0 SP1
Avaya Aura Session Manager 6.1
Avaya Aura Session Manager 6.1.1
Avaya Aura Session Manager 6.1.2
Avaya Aura Session Manager 6.1 Sp1
Avaya Aura Session Manager 6.1 SP2
Avaya Aura SIP Enablement Services 4.0
Avaya Aura SIP Enablement Services 5.0
Avaya Aura SIP Enablement Services 5.1
Avaya Aura SIP Enablement Services 5.2
Avaya Aura SIP Enablement Services 5.2.1
Avaya Aura System Platform 1.1
Avaya Aura System Platform 6.0
Avaya Aura System Platform 6.0.1
Avaya Aura System Platform 6.0.2
Avaya Aura System Platform 6.0 SP2
Avaya Aura System Platform 6.0 SP3
Avaya Call Management System R 15.0
Avaya Call Management System R 16.0
Avaya Call Management System R16.1
Avaya Call Management System R16.2
Avaya Call Management System R16.3
Avaya Interactive Response 4.0
Avaya IP Office Application Server 5.0
Avaya IP Office Application Server 5.0.1
Avaya IP Office Application Server 6.0
Avaya IP Office Application Server 6.1
Avaya IP Office Application Server 7.0
Avaya Meeting Exchange 5.0
Avaya Meeting Exchange 5.0.0.0.52
Avaya Meeting Exchange 5.0 SP1
Avaya Meeting Exchange 5.0 SP2
Avaya Meeting Exchange 5.1
Avaya Meeting Exchange 5.1 SP1
Avaya Meeting Exchange 5.2
Avaya Meeting Exchange 5.2 SP1
Avaya Meeting Exchange 5.2 SP2
Avaya Message Networking 3.1
Avaya Message Networking 5.2
Avaya Message Networking 5.2.1
Avaya Message Networking 5.2.2
Avaya Message Networking 5.2 SP1
Avaya Message Networking
Avaya Messaging Storage Server 4.0
Avaya Messaging Storage Server 5.0
Avaya Messaging Storage Server 5.1
Avaya Messaging Storage Server 5.1 SP1
Avaya Messaging Storage Server 5.1 SP2
Avaya Messaging Storage Server 5.2
Avaya Messaging Storage Server 5.2.2
Avaya Messaging Storage Server 5.2.8
Avaya Messaging Storage Server 5.2 SP1
Avaya Messaging Storage Server 5.2 SP2
Avaya Messaging Storage Server 5.2 SP3
Avaya Voice Portal 4.0
Avaya Voice Portal 4.1
Avaya Voice Portal 4.1 SP1
Avaya Voice Portal 4.1 SP2
Avaya Voice Portal 5.0
Avaya Voice Portal 5.0 SP1
Avaya Voice Portal 5.0 SP2
Avaya Voice Portal 5.1
Avaya Voice Portal 5.1
Avaya Voice Portal 5.1 SP1
Debian Linux 5.0
Debian Linux 5.0 Alpha
Debian Linux 5.0 Amd64
Debian Linux 5.0 Arm
Debian Linux 5.0 Armel
Debian Linux 5.0 Hppa
Debian Linux 5.0 Ia-32
Debian Linux 5.0 Ia-64
Debian Linux 5.0 M68k
Debian Linux 5.0 Mips
Debian Linux 5.0 Mipsel
Debian Linux 5.0 Powerpc
Debian Linux 5.0 S/390
Debian Linux 5.0 Sparc
Fujitsu INTERSTAGE Application Server Enterprise Edition 5.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 5.0.1
Fujitsu INTERSTAGE Application Server Enterprise Edition 5.0 L10
Fujitsu INTERSTAGE Application Server Enterprise Edition 5.0 L10A
Fujitsu INTERSTAGE Application Server Enterprise Edition 5.0 L10B
Fujitsu INTERSTAGE Application Server Enterprise Edition 5.0 L11
Fujitsu INTERSTAGE Application Server Enterprise Edition 5.0 L20
Fujitsu INTERSTAGE Application Server Enterprise Edition 5.0 L20A
Fujitsu INTERSTAGE Application Server Enterprise Edition 5.1
Fujitsu INTERSTAGE Application Server Enterprise Edition 5.1.1
Fujitsu INTERSTAGE Application Server Enterprise Edition 6.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 6.0.1
Fujitsu INTERSTAGE Application Server Enterprise Edition 6.0.2
Fujitsu INTERSTAGE Application Server Enterprise Edition 6.0A
Fujitsu INTERSTAGE Application Server Enterprise Edition 6.0 L10
Fujitsu INTERSTAGE Application Server Enterprise Edition 6.0 L10B
Fujitsu INTERSTAGE Application Server Enterprise Edition 6.0 L10C
Fujitsu INTERSTAGE Application Server Enterprise Edition 7.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 7.0.1
Fujitsu INTERSTAGE Application Server Enterprise Edition 7.0 L10
Fujitsu INTERSTAGE Application Server Enterprise Edition 7.0 L11
Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0.1
Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0.2
Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0.3
Fujitsu INTERSTAGE Application Server Enterprise Edition 9.0.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 9.0.0A
Fujitsu INTERSTAGE Application Server Enterprise Edition 9.0.0 B
Fujitsu INTERSTAGE Application Server Enterprise Edition 9.0.1
Fujitsu INTERSTAGE Application Server Enterprise Edition 9.0.1 B
Fujitsu INTERSTAGE Application Server Enterprise Edition 9.1.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 9.1.0A
Fujitsu INTERSTAGE Application Server Enterprise Edition 9.1.0B
Fujitsu INTERSTAGE Application Server Enterprise Edition 9.2.0
Fujitsu Interstage Application Server Plus 6.0
Fujitsu Interstage Application Server Plus 6.0.1
Fujitsu Interstage Application Server Plus 6.0.2
Fujitsu Interstage Application Server Plus 6.0 L10
Fujitsu Interstage Application Server Plus 6.0 L10A
Fujitsu Interstage Application Server Plus 6.0 L10B
Fujitsu Interstage Application Server Plus 6.0 L10C
Fujitsu Interstage Application Server Plus 6.0 L11
Fujitsu Interstage Application Server Plus 7.0
Fujitsu Interstage Application Server Plus 7.0 L10
Fujitsu Interstage Application Server Plus 7.0 L11
Fujitsu iNTERSTAGE Application Server Standard Edition 5.0
Fujitsu iNTERSTAGE Application Server Standard Edition 5.0 L10
Fujitsu iNTERSTAGE Application Server Standard Edition 5.0 L10A
Fujitsu iNTERSTAGE Application Server Standard Edition 5.0 L10B
Fujitsu iNTERSTAGE Application Server Standard Edition 5.0 L11
Fujitsu iNTERSTAGE Application Server Standard Edition 5.0 L20
Fujitsu iNTERSTAGE Application Server Standard Edition 5.0 L20A
Fujitsu iNTERSTAGE Application Server Standard Edition 8.0.0
Fujitsu iNTERSTAGE Application Server Standard Edition 8.0.3
Fujitsu INTERSTAGE Application Server Standard-J Edition 8.0.0
Fujitsu INTERSTAGE Application Server Standard-J Edition 8.0.1
Fujitsu INTERSTAGE Application Server Standard-J Edition 8.0.2
Fujitsu INTERSTAGE Application Server Standard-J Edition 8.0.3
Fujitsu INTERSTAGE Application Server Standard-J Edition 9.0.0
Fujitsu INTERSTAGE Application Server Standard-J Edition 9.0.0A
Fujitsu INTERSTAGE Application Server Standard-J Edition 9.0.0 B
Fujitsu INTERSTAGE Application Server Standard-J Edition 9.0.1
Fujitsu INTERSTAGE Application Server Standard-J Edition 9.0.1 B
Fujitsu INTERSTAGE Application Server Standard-J Edition 9.1.0
Fujitsu INTERSTAGE Application Server Standard-J Edition 9.1.0B
Fujitsu INTERSTAGE Application Server Standard-J Edition 9.2.0
Fujitsu iNTERSTAGE Application Server Web-J Edition 5.0
Fujitsu iNTERSTAGE Application Server Web-J Edition 5.0 L10
Fujitsu iNTERSTAGE Application Server Web-J Edition 5.0 L10A
Fujitsu iNTERSTAGE Application Server Web-J Edition 5.0 L10B
Fujitsu iNTERSTAGE Application Server Web-J Edition 5.0 L11
Fujitsu iNTERSTAGE Application Server Web-J Edition 5.0 L20
Fujitsu iNTERSTAGE Application Server Web-J Edition 5.0 L20A
Fujitsu INTERSTAGE Apworks Modelers-J Edition 6.0
Fujitsu INTERSTAGE Apworks Modelers-J Edition 6.0A
Fujitsu INTERSTAGE Apworks Modelers-J Edition 6.0 L10
Fujitsu INTERSTAGE Apworks Modelers-J Edition 6.0 L10A
Fujitsu INTERSTAGE Apworks Modelers-J Edition 7.0
Fujitsu INTERSTAGE Apworks Modelers-J Edition 7.0 L10
Fujitsu INTERSTAGE Business Application Server Enterprise 8.0.0
Fujitsu INTERSTAGE Job Workload Server 8.1.0
Fujitsu INTERSTAGE Studio Enterprise Edition 8.0.1
Fujitsu INTERSTAGE Studio Enterprise Edition 9.0.0
Fujitsu INTERSTAGE Studio Enterprise Edition 9.1.0
Fujitsu INTERSTAGE Studio Enterprise Edition 9.1.0 B
Fujitsu INTERSTAGE Studio Enterprise Edition 9.2.0
Fujitsu INTERSTAGE Studio Standard-J Edition 8.0.1
Fujitsu INTERSTAGE Studio Standard-J Edition 9.0.0
Fujitsu INTERSTAGE Studio Standard-J Edition 9.1.0
Fujitsu INTERSTAGE Studio Standard-J Edition 9.1.0 B
Fujitsu INTERSTAGE Studio Standard-J Edition 9.2.0
HP HP-UX B.11.23
HP HP-UX B.11.31
HP HP-UX Web Server Suite 2.33
HP HP-UX Web Server Suite 3.17
HP HP-UX Web Server Suite 3.18
HP OpenView Network Node Manager 7.53 - Hp-Ux
HP OpenView Network Node Manager 7.53 - Linux
HP OpenView Network Node Manager 7.53 - Solaris
HP System Management Homepage 3.0.0.64
HP System Management Homepage 3.0.0-68
HP System Management Homepage 3.0.0.68
HP System Management Homepage 3.0.1-73
HP System Management Homepage 3.0.1.73
HP System Management Homepage 3.0.2-77
HP System Management Homepage 3.0.2.77
HP System Management Homepage 3.0.2.77 B
HP System Management Homepage 6.0
HP System Management Homepage 6.0.0-95
HP System Management Homepage 6.0.0.95
HP System Management Homepage 6.0.0.96
HP System Management Homepage 6.1
HP System Management Homepage 6.1.0.102
HP System Management Homepage 6.1.0-103
HP System Management Homepage 6.1.0.103
HP System Management Homepage 6.2
HP System Management Homepage 6.2
HP System Management Homepage 6.2.0-12
HP System Management Homepage 6.2.2.7
HP System Management Homepage 6.3
HP System Management Homepage
IBM HTTP Server 6.1.0
IBM HTTP Server 6.1.0.1
IBM HTTP Server 6.1.0.13
IBM HTTP Server 6.1.0.15
IBM HTTP Server 6.1.0.17
IBM HTTP Server 6.1.0.19
IBM HTTP Server 6.1.0.25
IBM HTTP Server 6.1.0.27
IBM HTTP Server 6.1.0.3
IBM HTTP Server 6.1.0.31
IBM HTTP Server 6.1.0.35
IBM HTTP Server 6.1.0.5
IBM HTTP Server 6.1.0.9
IBM HTTP Server 7.0
IBM HTTP Server 7.0.0.11
IBM HTTP Server 7.0.0.13
IBM HTTP Server 7.0.0.15
IBM HTTP Server 7.0.0.17
IBM HTTP Server 7.0.0.5
Mandriva Corporate Server 4.0
Mandriva Corporate Server 4.0.0 X86 64
Mandriva Enterprise Server 5
Mandriva Enterprise Server 5 X86 64
Mandriva Linux Mandrake 2009.0
Mandriva Linux Mandrake 2009.0 X86 64
Mandriva Linux Mandrake 2010.0
Mandriva Linux Mandrake 2010.0 X86 64
Mandriva Linux Mandrake 2010.1
Mandriva Linux Mandrake 2010.1 X86 64
NetBSD 4.0
NetBSD 4.0.1
NetBSD 4.0.2
NetBSD 4.1
NetBSD Current
Red Hat Enterprise Linux 5 Server
Red Hat Enterprise Linux Desktop Version 4
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux Desktop 5 Client
Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux Desktop Optional 6
Red Hat Enterprise Linux Desktop Workstation 5 Client
Red Hat Enterprise Linux ES 4
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux HPC Node Optional 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux Workstation 6
Red Hat Enterprise Linux WS 4
Red Hat Fedora 13
Red Hat Fedora 14
Red Hat Fedora 15
Red Hat JBoss Enterprise Web Server 5.0.0
Red Hat JBoss Enterprise Web Server EL4
Red Hat JBoss Enterprise Web Server for RHEL 4 AS 1.0.0
Red Hat JBoss Enterprise Web Server for RHEL 4 ES 1.0.0
Red Hat JBoss Enterprise Web Server for RHEL 5 Server 1.0.0
Red Hat JBoss Enterprise Web Server for RHEL 6 1.0.0
Red Hat JBoss Enterprise Web Server for Solaris 1.0.0
Red Hat JBoss Enterprise Web Server for Windows 1.0.0
Slackware Linux 11.0
Slackware Linux 12.0
Slackware Linux 12.1
Slackware Linux 12.2
Slackware Linux 13.0
Slackware Linux 13.0 X86 64
Slackware Linux 13.1
Slackware Linux 13.1 X86 64
Slackware Linux 13.37
Slackware Linux 13.37 x86_64
Slackware Linux -Current
Slackware Linux X86 64 -Current
Sun Secure Global Desktop 4.0
Sun Secure Global Desktop 4.2
Sun Secure Global Desktop 4.3
Sun Solaris 10
Sun Solaris 10 Express
Sun Solaris 10 Sparc
Sun Solaris 10 X86
Sun Solaris 11 Express
Sun Solaris 9
Ubuntu Ubuntu Linux 10.04 Amd64
Ubuntu Ubuntu Linux 10.04 ARM
Ubuntu Ubuntu Linux 10.04 I386
Ubuntu Ubuntu Linux 10.04 Powerpc
Ubuntu Ubuntu Linux 10.04 Sparc
Ubuntu Ubuntu Linux 10.10 amd64
Ubuntu Ubuntu Linux 10.10 ARM
Ubuntu Ubuntu Linux 10.10 i386
Ubuntu Ubuntu Linux 10.10 powerpc
Ubuntu Ubuntu Linux 11.04 amd64
Ubuntu Ubuntu Linux 11.04 ARM
Ubuntu Ubuntu Linux 11.04 i386
Ubuntu Ubuntu Linux 11.04 powerpc
Ubuntu Ubuntu Linux 6.06 LTS Amd64
Ubuntu Ubuntu Linux 6.06 LTS I386
Ubuntu Ubuntu Linux 6.06 LTS Powerpc
Ubuntu Ubuntu Linux 6.06 LTS Sparc
Ubuntu Ubuntu Linux 8.04 LTS Amd64
Ubuntu Ubuntu Linux 8.04 LTS I386
Ubuntu Ubuntu Linux 8.04 LTS Lpia
Ubuntu Ubuntu Linux 8.04 LTS Powerpc
Ubuntu Ubuntu Linux 8.04 LTS Sparc
Xerox FreeFlow Print Server (FFPS) 73.B3.61
Xerox FreeFlow Print Server (FFPS) 73.C0.41

References

BugTraq: 47820
CVE: CVE-2011-0419

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Apache APR apr_fnmatch Stack Overflow Denial of Service

Extended Description

Affected Products

References