Vulnerability CVE-2011-3192
Published: 2011-08-29   Modified: 2012-02-13

Description:
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
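
The description above names the mechanism but not the defence. As an added example, not taken from this record or from the Apache httpd code base, the following Python module implements a byte-range policy of the kind the httpd fixes introduced: it resolves each range against the resource size, ignores the Range header (serving the whole body) when the ranges are too numerous or together cover more bytes than the resource, and merges whatever overlap remains so that no byte is buffered twice. The exact policy and the `max_ranges=200` default are this example's own assumptions (200 is the default httpd later gave its MaxRanges directive); the headers in the demo are constructed samples against a hypothetical 1000-byte resource.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One byte-range-spec: "first-last", "first-" or "-suffix" (RFC 7233 section 2.1).
_RANGE_SPEC = re.compile(r"^(\d*)-(\d*)$")


@dataclass(frozen=True)
class RangeDecision:
    action: str    # "serve_ranges", "serve_full" or "not_satisfiable"
    reason: str    # human-readable justification, suitable for an access log
    ranges: Tuple[Tuple[int, int], ...]   # merged inclusive (start, end) pairs to serve


def parse_byte_ranges(header: str, size: int) -> Optional[List[Tuple[int, int]]]:
    """Resolve a Range header against a resource of `size` bytes.

    Returns a list of inclusive (start, end) pairs in request order, or None
    when the header is syntactically invalid. Ranges that start past the end
    of the resource are unsatisfiable and are dropped rather than rejected.
    """
    if size <= 0 or not header.startswith("bytes="):
        return None
    resolved: List[Tuple[int, int]] = []
    for spec in header[len("bytes="):].split(","):
        m = _RANGE_SPEC.match(spec.strip())
        if not m:
            return None
        first, last = m.group(1), m.group(2)
        if not first and not last:              # a bare "-" is not a range
            return None
        if not first:                           # suffix form: the last N bytes
            n = int(last)
            if n == 0:
                return None
            start, end = max(0, size - n), size - 1
        else:
            start = int(first)
            if last and int(last) < start:      # last-byte-pos must be >= first-byte-pos
                return None
            end = size - 1 if not last else min(int(last), size - 1)
        if start > size - 1:                    # beyond the resource: unsatisfiable
            continue
        resolved.append((start, end))
    return resolved


def merge_ranges(ranges: List[Tuple[int, int]]) -> List[Tuple[int, int]]:
    """Coalesce overlapping or adjacent ranges so each byte is sent once."""
    merged: List[Tuple[int, int]] = []
    for start, end in sorted(ranges):
        if merged and start <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def evaluate_range_header(header: str, size: int, max_ranges: int = 200) -> RangeDecision:
    """Decide how to answer a Range request without per-range buffering.

    Policy (this example's assumption, modelled on the CVE-2011-3192 fixes):
    too many ranges, or ranges whose combined length exceeds the resource,
    cause the Range header to be ignored and the whole body served as 200.
    """
    ranges = parse_byte_ranges(header, size)
    if ranges is None:
        return RangeDecision("serve_full", "malformed Range header ignored", ())
    if not ranges:
        return RangeDecision("not_satisfiable", "no range satisfiable for this resource", ())
    if len(ranges) > max_ranges:
        return RangeDecision("serve_full", f"{len(ranges)} ranges exceed limit {max_ranges}; Range ignored", ())
    covered = sum(end - start + 1 for start, end in ranges)
    if covered > size:
        return RangeDecision("serve_full", f"ranges cover {covered} bytes of a {size}-byte resource; Range ignored", ())
    return RangeDecision("serve_ranges", "ranges accepted", tuple(merge_ranges(ranges)))


if __name__ == "__main__":
    # Constructed sample headers against a hypothetical 1000-byte resource.
    samples = [
        "bytes=0-99,200-299",          # ordinary multi-range request
        "bytes=0-10,5-20,-10",         # overlapping but small: merged and served
        "bytes=0-,0-,0-",              # same full range repeated: ignored
        "bytes=" + ",".join(f"{i}-{i}" for i in range(201)),  # over the range cap
        "bytes=5-3",                   # syntactically invalid
    ]
    for h in samples:
        d = evaluate_range_header(h, 1000)
        print(f"{d.action:16} {d.reason}")
```

The `reason` string is meant to be logged: a burst of "Range ignored" decisions from one client is the detection signal for this class of request, and the decision is made from the parsed header alone, before any response buffers are allocated.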

See advisories in our WLB2 database:
Risk | Topic                                                        | Author              | Date
Med. | Obehotel CMS Denial Of Service & SQL Injection               | Juan Carlos Garc... | 27.08.2013
Med. | Opolis.eu Secure Mail Blind SQL Injection / XSS / CSRF / DoS | Juan Carlos Garc... | 08.10.2013
Low  | ProtonMail.ch Header injection/CSRF                          | Juan Carlos Garc... | 22.10.2018

Type: CWE-399 (Resource Management Errors)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score: 7.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

Affected software: Apache -> Http server

References:
http://archives.neohapsis.com/archives/fulldisclosure/2011-08/0285.html
http://blogs.oracle.com/security/entry/security_alert_for_cve_2011
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110824161640.122D387DD@minotaur.apache.org%3e
http://mail-archives.apache.org/mod_mbox/httpd-dev/201108.mbox/%3cCAAPSnn2PO-d-C4nQt_TES2RRWiZr7urefhTKPWBC1b+K1Dqc7g@mail.gmail.com%3e
http://marc.info/?l=bugtraq&m=131551295528105&w=2
http://marc.info/?l=bugtraq&m=131731002122529&w=2
http://marc.info/?l=bugtraq&m=132033751509019&w=2
http://marc.info/?l=bugtraq&m=133477473521382&w=2
http://marc.info/?l=bugtraq&m=133951357207000&w=2
http://marc.info/?l=bugtraq&m=134987041210674&w=2
http://seclists.org/fulldisclosure/2011/Aug/175
http://securitytracker.com/id?1025960
http://support.apple.com/kb/HT5002
http://www.apache.org/dist/httpd/Announcement2.2.html
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b90d73.shtml
http://www.exploit-db.com/exploits/17696
http://www.gossamer-threads.com/lists/apache/dev/401638
http://www.kb.cert.org/vuls/id/405811
http://www.mandriva.com/security/advisories?name=MDVSA-2011:130
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.oracle.com/technetwork/topics/security/alert-cve-2011-3192-485304.html
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html
http://www.redhat.com/support/errata/RHSA-2011-1245.html
http://www.redhat.com/support/errata/RHSA-2011-1294.html
http://www.redhat.com/support/errata/RHSA-2011-1300.html
http://www.redhat.com/support/errata/RHSA-2011-1329.html
http://www.redhat.com/support/errata/RHSA-2011-1330.html
http://www.redhat.com/support/errata/RHSA-2011-1369.html
http://www.securityfocus.com/bid/49303
http://www.ubuntu.com/usn/USN-1199-1
https://bugzilla.redhat.com/show_bug.cgi?id=732928
https://exchange.xforce.ibmcloud.com/vulnerabilities/69396
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
https://issues.apache.org/bugzilla/show_bug.cgi?id=51714
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14762
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14824
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18827

Copyright 2024, cxsecurity.com