Vulnerability Database

290,020

Total vulnerabilities in the database

CVE-2011-4415

The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.

  • Published: Nov 8, 2011
  • Updated: Apr 13, 2023
  • CVE: CVE-2011-4415
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 1.2
  • AV:L/AC:H/Au:N/C:N/I:N/A:P

CWEs:

Software From Fixed in
apache / http_server 2.0.42 2.0.42.x
apache / http_server 2.0.64 2.0.64.x
apache / http_server 2.0.58 2.0.58.x
apache / http_server 2.0.47 2.0.47.x
apache / http_server 2.0.56 2.0.56.x
apache / http_server 2.0.50 2.0.50.x
apache / http_server 2.0.35 2.0.35.x
apache / http_server 2.0.37 2.0.37.x
apache / http_server 2.0.55 2.0.55.x
apache / http_server 2.0.44 2.0.44.x
apache / http_server 2.0.39 2.0.39.x
apache / http_server 2.0.52 2.0.52.x
apache / http_server 2.0.53 2.0.53.x
apache / http_server 2.0.57 2.0.57.x
apache / http_server 2.0.51 2.0.51.x
apache / http_server 2.0.28-beta 2.0.28-beta.x
apache / http_server 2.0.63 2.0.63.x
apache / http_server 2.0.41 2.0.41.x
apache / http_server 2.0.49 2.0.49.x
apache / http_server 2.0.9 2.0.9.x
apache / http_server 2.0.34-beta 2.0.34-beta.x
apache / http_server 2.0.61 2.0.61.x
apache / http_server 2.0.32 2.0.32.x
apache / http_server 2.0.38 2.0.38.x
apache / http_server 2.0.48 2.0.48.x
apache / http_server 2.0.45 2.0.45.x
apache / http_server 2.0.40 2.0.40.x
apache / http_server 2.0.36 2.0.36.x
apache / http_server 2.0.46 2.0.46.x
apache / http_server 2.0.54 2.0.54.x
apache / http_server 2.0.43 2.0.43.x
apache / http_server 2.0.59 2.0.59.x
apache / http_server 2.0.28 2.0.28.x
apache / http_server 2.0 2.0.x
apache / http_server 2.0.32-beta 2.0.32-beta.x
apache / http_server 2.0.60 2.0.60.x
apache / http_server 2.2.11 2.2.11.x
apache / http_server 2.2.0 2.2.0.x
apache / http_server 2.2.10 2.2.10.x
apache / http_server 2.2.13 2.2.13.x
apache / http_server 2.2.2 2.2.2.x
apache / http_server 2.2.4 2.2.4.x
apache / http_server 2.2.16 2.2.16.x
apache / http_server 2.2.21 2.2.21.x
apache / http_server 2.2.8 2.2.8.x
apache / http_server 2.2.14 2.2.14.x
apache / http_server 2.2.6 2.2.6.x
apache / http_server 2.2.19 2.2.19.x
apache / http_server 2.2.9 2.2.9.x
apache / http_server 2.2.18 2.2.18.x
apache / http_server 2.2.12 2.2.12.x
apache / http_server 2.2.3 2.2.3.x
apache / http_server 2.2.15 2.2.15.x
apache / http_server 2.2.20 2.2.20.x
apache / http_server 2.2.1 2.2.1.x