CVE-2011-4415

Publication date 8 November 2011

Last updated 24 July 2024

The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
apache2	11.10 oneiric	Ignored
	11.04 natty	Ignored
	10.10 maverick	Ignored
	10.04 LTS lucid	Ignored
	8.04 LTS hardy	Ignored

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

Apache doesn't consider this to be a security issue. Ignoring.

References

MITRE
NVD
Launchpad
Debian

Other references

http://www.gossamer-threads.com/lists/apache/dev/403775
http://thread.gmane.org/gmane.comp.apache.devel/46339/focus=46783
https://www.cve.org/CVERecord?id=CVE-2011-4415