CVE-2011-4415

The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
1.2 UNKNOWN
LOCAL
HIGH
AV:L/AC:H/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
apachehttp_server
2.0
apachehttp_server
2.0.9
apachehttp_server
2.0.28
apachehttp_server
2.0.28:beta
apachehttp_server
2.0.32
apachehttp_server
2.0.32:beta
apachehttp_server
2.0.34:beta
apachehttp_server
2.0.35
apachehttp_server
2.0.36
apachehttp_server
2.0.37
apachehttp_server
2.0.38
apachehttp_server
2.0.39
apachehttp_server
2.0.40
apachehttp_server
2.0.41
apachehttp_server
2.0.42
apachehttp_server
2.0.43
apachehttp_server
2.0.44
apachehttp_server
2.0.45
apachehttp_server
2.0.46
apachehttp_server
2.0.47
apachehttp_server
2.0.48
apachehttp_server
2.0.49
apachehttp_server
2.0.50
apachehttp_server
2.0.51
apachehttp_server
2.0.52
apachehttp_server
2.0.53
apachehttp_server
2.0.54
apachehttp_server
2.0.55
apachehttp_server
2.0.56
apachehttp_server
2.0.57
apachehttp_server
2.0.58
apachehttp_server
2.0.59
apachehttp_server
2.0.60
apachehttp_server
2.0.61
apachehttp_server
2.0.63
apachehttp_server
2.0.64
apachehttp_server
2.2.0
apachehttp_server
2.2.1
apachehttp_server
2.2.2
apachehttp_server
2.2.3
apachehttp_server
2.2.4
apachehttp_server
2.2.6
apachehttp_server
2.2.8
apachehttp_server
2.2.9
apachehttp_server
2.2.10
apachehttp_server
2.2.11
apachehttp_server
2.2.12
apachehttp_server
2.2.13
apachehttp_server
2.2.14
apachehttp_server
2.2.15
apachehttp_server
2.2.16
apachehttp_server
2.2.18
apachehttp_server
2.2.19
apachehttp_server
2.2.20
apachehttp_server
2.2.21
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
apache2
bullseye
2.4.62-1~deb11u1
fixed
bullseye (security)
2.4.62-1~deb11u2
fixed
bookworm
2.4.62-1~deb12u1
fixed
bookworm (security)
2.4.62-1~deb12u2
fixed
sid
2.4.62-3
fixed
trixie
2.4.62-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
apache2
oneiric
ignored
natty
ignored
maverick
ignored
lucid
ignored
hardy
ignored
Common Weakness Enumeration
References
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
http://www.gossamer-threads.com/lists/apache/dev/403775
http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/
http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/DemoExploit.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
http://www.gossamer-threads.com/lists/apache/dev/403775
http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/
http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/DemoExploit.html