Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2011-4415
CVE information
Published
Last Modified
CVSSv2.0 Severity
Impact Analysis
Description
The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607..
CVSSv2.0 Score
- Severity
- Low
- Base Score
- 1.2/10
- Exploit Score
- 1.9/10
- Access Vector
- Local
- Access Complexity
- High
- Authentication Required
- None
- Impact Score
- 2.9/10
- Confidentiality Impact
- None
- Availability Impact
- Partial
- Integrity Impact
- None
Products Affected
CPE | Affected | Vulnerable | Excluding | Edit |
---|---|---|---|---|
cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.64:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.56:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.63:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.34:beta:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.61:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.32:beta:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.0.60:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:* |
Yes
|
- | - |