CVE - CVE-2011-3192

CVE-ID
CVE-2011-3192	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
EXPLOIT-DB:17696 URL:http://www.exploit-db.com/exploits/17696 FULLDISC:20110820 Apache Killer URL:http://seclists.org/fulldisclosure/2011/Aug/175 FULLDISC:20110824 Re: Apache Killer URL:http://archives.neohapsis.com/archives/fulldisclosure/2011-08/0285.html MLIST:[announce] 20110824 Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x \(CVE-2011-3192\) URL:http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110824161640.122D387DD@minotaur.apache.org%3e MLIST:[dev] 20110823 Re: DoS with mod_deflate & range requests URL:http://mail-archives.apache.org/mod_mbox/httpd-dev/201108.mbox/%3cCAAPSnn2PO-d-C4nQt_TES2RRWiZr7urefhTKPWBC1b+K1Dqc7g@mail.gmail.com%3e CONFIRM:http://www.gossamer-threads.com/lists/apache/dev/401638 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=732928 CONFIRM:https://issues.apache.org/bugzilla/show_bug.cgi?id=51714 CONFIRM:http://blogs.oracle.com/security/entry/security_alert_for_cve_2011 CONFIRM:http://www.apache.org/dist/httpd/Announcement2.2.html CONFIRM:http://www.oracle.com/technetwork/topics/security/alert-cve-2011-3192-485304.html CONFIRM:http://support.apple.com/kb/HT5002 CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html APPLE:APPLE-SA-2011-10-12-3 URL:http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html CISCO:20110830 Apache HTTPd Range Header Denial of Service Vulnerability URL:http://www.cisco.com/en/US/products/products_security_advisory09186a0080b90d73.shtml HP:HPSBUX02702 URL:http://marc.info/?l=bugtraq&m=131551295528105&w=2 HP:HPSBUX02707 URL:http://marc.info/?l=bugtraq&m=131731002122529&w=2 HP:SSRT100606 URL:http://marc.info/?l=bugtraq&m=131551295528105&w=2 HP:SSRT100626 URL:http://marc.info/?l=bugtraq&m=131731002122529&w=2 HP:HPSBMU02704 URL:http://marc.info/?l=bugtraq&m=132033751509019&w=2 HP:HPSBOV02822 URL:http://marc.info/?l=bugtraq&m=134987041210674&w=2 HP:SSRT100966 URL:http://marc.info/?l=bugtraq&m=134987041210674&w=2 HP:HPSBMU02766 URL:http://marc.info/?l=bugtraq&m=133477473521382&w=2 HP:HPSBMU02776 URL:http://marc.info/?l=bugtraq&m=133951357207000&w=2 HP:SSRT100619 URL:http://marc.info/?l=bugtraq&m=132033751509019&w=2 HP:SSRT100624 URL:http://marc.info/?l=bugtraq&m=133477473521382&w=2 HP:SSRT100852 URL:http://marc.info/?l=bugtraq&m=133951357207000&w=2 MANDRIVA:MDVSA-2011:130 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:130 MANDRIVA:MDVSA-2013:150 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 REDHAT:RHSA-2011:1245 URL:http://www.redhat.com/support/errata/RHSA-2011-1245.html REDHAT:RHSA-2011:1294 URL:http://www.redhat.com/support/errata/RHSA-2011-1294.html REDHAT:RHSA-2011:1300 URL:http://www.redhat.com/support/errata/RHSA-2011-1300.html REDHAT:RHSA-2011:1329 URL:http://www.redhat.com/support/errata/RHSA-2011-1329.html REDHAT:RHSA-2011:1330 URL:http://www.redhat.com/support/errata/RHSA-2011-1330.html REDHAT:RHSA-2011:1369 URL:http://www.redhat.com/support/errata/RHSA-2011-1369.html SUSE:SUSE-SU-2011:1000 URL:http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00009.html SUSE:SUSE-SU-2011:1007 URL:http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00010.html SUSE:SUSE-SU-2011:1010 URL:http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00011.html SUSE:openSUSE-SU-2011:0993 URL:http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00006.html SUSE:SUSE-SU-2011:1216 URL:http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00008.html SUSE:SUSE-SU-2011:1229 URL:http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html UBUNTU:USN-1199-1 URL:http://www.ubuntu.com/usn/USN-1199-1 CERT-VN:VU#405811 URL:http://www.kb.cert.org/vuls/id/405811 BID:49303 URL:http://www.securityfocus.com/bid/49303 OSVDB:74721 URL:http://osvdb.org/74721 OVAL:oval:org.mitre.oval:def:14762 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14762 OVAL:oval:org.mitre.oval:def:14824 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14824 OVAL:oval:org.mitre.oval:def:18827 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18827 SECTRACK:1025960 URL:http://securitytracker.com/id?1025960 SECUNIA:45606 URL:http://secunia.com/advisories/45606 SECUNIA:45937 URL:http://secunia.com/advisories/45937 SECUNIA:46000 URL:http://secunia.com/advisories/46000 SECUNIA:46125 URL:http://secunia.com/advisories/46125 SECUNIA:46126 URL:http://secunia.com/advisories/46126 XF:apache-http-byterange-dos(69396) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/69396
Assigning CNA
N/A
Date Entry Created
20110819	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20110819)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org