1. CVE-Search
  2. CVE-2011-3192
ID CVE-2011-3192
Summary The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.15-60:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.15-60:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.56:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.56:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.60:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.60:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.61:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.61:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.62:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.62:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.63:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.63:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.64:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.64:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:*
    cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:*
  • cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp3:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp3:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:*
    cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*
    cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:-:*:*:*
    cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:-:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*
    cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
CVSS
Base: 7.8 (as of 19-09-2022 - 19:49)
Impact:
Exploitability:
CWE CWE-400
CAPEC
  • XML Entity Expansion
    An attacker submits an XML document to a target application where the XML document uses nested entity expansion to produce an excessively large output XML. XML allows the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.
  • Regular Expression Exponential Blowup
    An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions. The algorithm builds a finite state machine and based on the input transitions through all the states until the end of the input is reached. NFA engines may evaluate each character in the input string multiple times during the backtracking. The algorithm tries each path through the NFA one by one until a match is found; the malicious input is crafted so every path is tried which results in a failure. Exploitation of the Regex results in programs hanging or taking a very long time to complete. These attacks may target various layers of the Internet due to regular expressions being used in validation.
  • XML Ping of the Death
    An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
oval via4
  • accepted 2015-04-20T04:00:41.492-04:00
    class vulnerability
    contributors
    • name Yamini Mohan R
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
    family unix
    id oval:org.mitre.oval:def:14762
    status accepted
    submitted 2012-01-30T14:02:48.000-05:00
    title HP-UX Apache Web Server, Remote Denial of Service (DoS)
    version 49
  • accepted 2015-04-20T04:00:42.506-04:00
    class vulnerability
    contributors
    • name Yamini Mohan R
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
    family unix
    id oval:org.mitre.oval:def:14824
    status accepted
    submitted 2012-01-30T13:51:11.000-05:00
    title HP-UX Apache Web Server, Remote Denial of Service (DoS)
    version 48
  • accepted 2015-05-04T04:00:11.108-04:00
    class vulnerability
    contributors
    • name Sergey Artykhov
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    comment VisualSVN Server is installed
    oval oval:org.mitre.oval:def:18636
    description The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
    family windows
    id oval:org.mitre.oval:def:18827
    status accepted
    submitted 2013-10-02T13:00:00
    title Apache HTTP vulnerability 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 in VisualSVN Server (CVE-2011-3192)
    version 8
redhat via4
advisories
  • bugzilla
    id 732928
    title CVE-2011-3192 httpd: multiple ranges DoS
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • comment httpd is earlier than 0:2.0.52-48.ent
            oval oval:com.redhat.rhsa:tst:20111245001
          • comment httpd is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060159002
        • AND
          • comment httpd-devel is earlier than 0:2.0.52-48.ent
            oval oval:com.redhat.rhsa:tst:20111245003
          • comment httpd-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060159004
        • AND
          • comment httpd-manual is earlier than 0:2.0.52-48.ent
            oval oval:com.redhat.rhsa:tst:20111245005
          • comment httpd-manual is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060159006
        • AND
          • comment httpd-suexec is earlier than 0:2.0.52-48.ent
            oval oval:com.redhat.rhsa:tst:20111245007
          • comment httpd-suexec is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060159008
        • AND
          • comment mod_ssl is earlier than 1:2.0.52-48.ent
            oval oval:com.redhat.rhsa:tst:20111245009
          • comment mod_ssl is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060159010
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment httpd is earlier than 0:2.2.15-9.el6_1.2
            oval oval:com.redhat.rhsa:tst:20111245012
          • comment httpd is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152194002
        • AND
          • comment httpd-devel is earlier than 0:2.2.15-9.el6_1.2
            oval oval:com.redhat.rhsa:tst:20111245014
          • comment httpd-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152194004
        • AND
          • comment httpd-manual is earlier than 0:2.2.15-9.el6_1.2
            oval oval:com.redhat.rhsa:tst:20111245016
          • comment httpd-manual is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152194006
        • AND
          • comment httpd-tools is earlier than 0:2.2.15-9.el6_1.2
            oval oval:com.redhat.rhsa:tst:20111245018
          • comment httpd-tools is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152194008
        • AND
          • comment mod_ssl is earlier than 1:2.2.15-9.el6_1.2
            oval oval:com.redhat.rhsa:tst:20111245020
          • comment mod_ssl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152194016
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • comment httpd is earlier than 0:2.2.3-53.el5_7.1
            oval oval:com.redhat.rhsa:tst:20111245023
          • comment httpd is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070556002
        • AND
          • comment httpd-devel is earlier than 0:2.2.3-53.el5_7.1
            oval oval:com.redhat.rhsa:tst:20111245025
          • comment httpd-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070556004
        • AND
          • comment httpd-manual is earlier than 0:2.2.3-53.el5_7.1
            oval oval:com.redhat.rhsa:tst:20111245027
          • comment httpd-manual is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070556006
        • AND
          • comment mod_ssl is earlier than 1:2.2.3-53.el5_7.1
            oval oval:com.redhat.rhsa:tst:20111245029
          • comment mod_ssl is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070556008
    rhsa
    id RHSA-2011:1245
    released 2011-08-31
    severity Important
    title RHSA-2011:1245: httpd security update (Important)
  • bugzilla
    id 732928
    title CVE-2011-3192 httpd: multiple ranges DoS
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • comment httpd is earlier than 0:2.2.3-45.el5_6.2
            oval oval:com.redhat.rhsa:tst:20111294001
          • comment httpd is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070556002
        • AND
          • comment httpd-devel is earlier than 0:2.2.3-45.el5_6.2
            oval oval:com.redhat.rhsa:tst:20111294003
          • comment httpd-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070556004
        • AND
          • comment httpd-manual is earlier than 0:2.2.3-45.el5_6.2
            oval oval:com.redhat.rhsa:tst:20111294005
          • comment httpd-manual is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070556006
        • AND
          • comment mod_ssl is earlier than 1:2.2.3-45.el5_6.2
            oval oval:com.redhat.rhsa:tst:20111294007
          • comment mod_ssl is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070556008
    rhsa
    id RHSA-2011:1294
    released 2011-09-14
    severity Important
    title RHSA-2011:1294: httpd security update (Important)
  • rhsa
    id RHSA-2011:1300
  • rhsa
    id RHSA-2011:1329
  • rhsa
    id RHSA-2011:1330
  • rhsa
    id RHSA-2011:1369
rpms
  • httpd-0:2.0.52-48.ent
  • httpd-0:2.2.15-9.el6_1.2
  • httpd-0:2.2.3-53.el5_7.1
  • httpd-debuginfo-0:2.0.52-48.ent
  • httpd-debuginfo-0:2.2.15-9.el6_1.2
  • httpd-debuginfo-0:2.2.3-53.el5_7.1
  • httpd-devel-0:2.0.52-48.ent
  • httpd-devel-0:2.2.15-9.el6_1.2
  • httpd-devel-0:2.2.3-53.el5_7.1
  • httpd-manual-0:2.0.52-48.ent
  • httpd-manual-0:2.2.15-9.el6_1.2
  • httpd-manual-0:2.2.3-53.el5_7.1
  • httpd-suexec-0:2.0.52-48.ent
  • httpd-tools-0:2.2.15-9.el6_1.2
  • mod_ssl-1:2.0.52-48.ent
  • mod_ssl-1:2.2.15-9.el6_1.2
  • mod_ssl-1:2.2.3-53.el5_7.1
  • httpd-0:2.2.15-5.el6_0.1
  • httpd-0:2.2.3-22.el5_3.3
  • httpd-0:2.2.3-45.el5_6.2
  • httpd-debuginfo-0:2.2.15-5.el6_0.1
  • httpd-debuginfo-0:2.2.3-22.el5_3.3
  • httpd-debuginfo-0:2.2.3-45.el5_6.2
  • httpd-devel-0:2.2.15-5.el6_0.1
  • httpd-devel-0:2.2.3-22.el5_3.3
  • httpd-devel-0:2.2.3-45.el5_6.2
  • httpd-manual-0:2.2.15-5.el6_0.1
  • httpd-manual-0:2.2.3-22.el5_3.3
  • httpd-manual-0:2.2.3-45.el5_6.2
  • httpd-tools-0:2.2.15-5.el6_0.1
  • mod_ssl-1:2.2.15-5.el6_0.1
  • mod_ssl-1:2.2.3-22.el5_3.3
  • mod_ssl-1:2.2.3-45.el5_6.2
  • httpd-0:2.0.46-78.ent
  • httpd-debuginfo-0:2.0.46-78.ent
  • httpd-devel-0:2.0.46-78.ent
  • mod_ssl-1:2.0.46-78.ent
  • httpd-0:2.2.17-13.2.ep5.el6
  • httpd-0:2.2.17-14.1.ep5.el5
  • httpd-debuginfo-0:2.2.17-13.2.ep5.el6
  • httpd-debuginfo-0:2.2.17-14.1.ep5.el5
  • httpd-devel-0:2.2.17-13.2.ep5.el6
  • httpd-devel-0:2.2.17-14.1.ep5.el5
  • httpd-manual-0:2.2.17-13.2.ep5.el6
  • httpd-manual-0:2.2.17-14.1.ep5.el5
  • httpd-tools-0:2.2.17-13.2.ep5.el6
  • httpd22-0:2.2.17-16.ep5.el4
  • httpd22-apr-0:2.2.17-16.ep5.el4
  • httpd22-apr-devel-0:2.2.17-16.ep5.el4
  • httpd22-apr-util-0:2.2.17-16.ep5.el4
  • httpd22-apr-util-devel-0:2.2.17-16.ep5.el4
  • httpd22-debuginfo-0:2.2.17-16.ep5.el4
  • httpd22-devel-0:2.2.17-16.ep5.el4
  • httpd22-manual-0:2.2.17-16.ep5.el4
  • mod_ssl-1:2.2.17-13.2.ep5.el6
  • mod_ssl-1:2.2.17-14.1.ep5.el5
  • mod_ssl22-1:2.2.17-16.ep5.el4
  • httpd-0:2.2.13-3.el5s2
  • httpd-debuginfo-0:2.2.13-3.el5s2
  • httpd-devel-0:2.2.13-3.el5s2
  • httpd-manual-0:2.2.13-3.el5s2
  • mod_ssl-1:2.2.13-3.el5s2
refmap via4
apple APPLE-SA-2011-10-12-3
bid 49303
cert-vn VU#405811
cisco 20110830 Apache HTTPd Range Header Denial of Service Vulnerability
confirm
exploit-db 17696
fulldisc
  • 20110820 Apache Killer
  • 20110824 Re: Apache Killer
hp
  • HPSBMU02704
  • HPSBMU02766
  • HPSBMU02776
  • HPSBOV02822
  • HPSBUX02702
  • HPSBUX02707
  • SSRT100606
  • SSRT100619
  • SSRT100624
  • SSRT100626
  • SSRT100852
  • SSRT100966
mandriva
  • MDVSA-2011:130
  • MDVSA-2013:150
mlist
  • [announce] 20110824 Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x \(CVE-2011-3192\)
  • [dev] 20110823 Re: DoS with mod_deflate & range requests
  • [httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
  • [httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
  • [httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
  • [httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
  • [httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
  • [httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
  • [httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
  • [httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
osvdb 74721
sectrack 1025960
secunia
  • 45606
  • 45937
  • 46000
  • 46125
  • 46126
suse
  • SUSE-SU-2011:1000
  • SUSE-SU-2011:1007
  • SUSE-SU-2011:1010
  • SUSE-SU-2011:1216
  • SUSE-SU-2011:1229
  • openSUSE-SU-2011:0993
ubuntu USN-1199-1
xf apache-http-byterange-dos(69396)
Last major update 19-09-2022 - 19:49
Published 29-08-2011 - 15:55
Last modified 19-09-2022 - 19:49
Back to Top