Back to search
CVE-2011-3192
Published: Aug 29, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
45606
third-party-advisory
x_refsource_SECUNIA
RHSA-2011:1369
vendor-advisory
x_refsource_REDHAT
RHSA-2011:1329
vendor-advisory
x_refsource_REDHAT
HPSBUX02707
vendor-advisory
x_refsource_HP
SUSE-SU-2011:1010
vendor-advisory
x_refsource_SUSE
SSRT100966
vendor-advisory
x_refsource_HP
openSUSE-SU-2011:0993
vendor-advisory
x_refsource_SUSE
http://www.gossamer-threads.com/lists/apache/dev/401638
x_refsource_CONFIRM
1025960
vdb-entry
x_refsource_SECTRACK
[dev] 20110823 Re: DoS with mod_deflate & range requests
mailing-list
x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=732928
x_refsource_CONFIRM
SSRT100624
vendor-advisory
x_refsource_HP
17696
exploit
x_refsource_EXPLOIT-DB
https://issues.apache.org/bugzilla/show_bug.cgi?id=51714
x_refsource_CONFIRM
HPSBUX02702
vendor-advisory
x_refsource_HP
46000
third-party-advisory
x_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html
x_refsource_CONFIRM
http://blogs.oracle.com/security/entry/security_alert_for_cve_2011
x_refsource_CONFIRM
HPSBOV02822
vendor-advisory
x_refsource_HP
SSRT100619
vendor-advisory
x_refsource_HP
20110830 Apache HTTPd Range Header Denial of Service Vulnerability
vendor-advisory
x_refsource_CISCO
USN-1199-1
vendor-advisory
x_refsource_UBUNTU
MDVSA-2011:130
vendor-advisory
x_refsource_MANDRIVA
49303
vdb-entry
x_refsource_BID
74721
vdb-entry
x_refsource_OSVDB
20110824 Re: Apache Killer
mailing-list
x_refsource_FULLDISC
APPLE-SA-2011-10-12-3
vendor-advisory
x_refsource_APPLE
oval:org.mitre.oval:def:14824
vdb-entry
signature
x_refsource_OVAL
[announce] 20110824 Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x \(CVE-2011-3192\)
mailing-list
x_refsource_MLIST
RHSA-2011:1330
vendor-advisory
x_refsource_REDHAT
apache-http-byterange-dos(69396)
vdb-entry
x_refsource_XF
46126
third-party-advisory
x_refsource_SECUNIA
RHSA-2011:1245
vendor-advisory
x_refsource_REDHAT
oval:org.mitre.oval:def:18827
vdb-entry
signature
x_refsource_OVAL
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
x_refsource_CONFIRM
http://www.apache.org/dist/httpd/Announcement2.2.html
x_refsource_CONFIRM
SSRT100626
vendor-advisory
x_refsource_HP
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
x_refsource_CONFIRM
46125
third-party-advisory
x_refsource_SECUNIA
HPSBMU02766
vendor-advisory
x_refsource_HP
VU#405811
third-party-advisory
x_refsource_CERT-VN
20110820 Apache Killer
mailing-list
x_refsource_FULLDISC
SSRT100852
vendor-advisory
x_refsource_HP
http://support.apple.com/kb/HT5002
x_refsource_CONFIRM
SUSE-SU-2011:1216
vendor-advisory
x_refsource_SUSE
oval:org.mitre.oval:def:14762
vdb-entry
signature
x_refsource_OVAL
SUSE-SU-2011:1007
vendor-advisory
x_refsource_SUSE
HPSBMU02776
vendor-advisory
x_refsource_HP
SUSE-SU-2011:1000
vendor-advisory
x_refsource_SUSE
RHSA-2011:1294
vendor-advisory
x_refsource_REDHAT
MDVSA-2013:150
vendor-advisory
x_refsource_MANDRIVA
SUSE-SU-2011:1229
vendor-advisory
x_refsource_SUSE
HPSBMU02704
vendor-advisory
x_refsource_HP
RHSA-2011:1300
vendor-advisory
x_refsource_REDHAT
SSRT100606
vendor-advisory
x_refsource_HP
45937
third-party-advisory
x_refsource_SECUNIA
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1888194 [7/13] - /httpd/site/trunk/content/security/json/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1073139 [7/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now