CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS
Percentile
99.7%
The Apache Portable Runtime Project reports:
A flaw was discovered in the apr_fnmatch() function in the
Apache Portable Runtime (APR) library 1.4.4 (or any backported
versions that contained the upstream fix for CVE-2011-0419).
This could cause httpd workers to enter a hung state (100% CPU
utilization).
apr-util 1.3.11 could cause crashes with httpd’s
mod_authnz_ldap in some situations.