Endpoint Vulnerability

Apache Httpd - moderate:apr_fnmatch flaw leads to mod_autoindex remote DoS(CVE-2011-0419)


A flaw was found in the apr_fnmatch() function of the bundled APR library. Where mod_autoindex is enabled, and a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could be used in a denial of service attack.

Affected Products

Apache Httpd