FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-3192

This CVE name corresponds to:

Entered Topic
2011-08-30 apache -- Range header DoS vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2011-3192
Phase Assigned (20110819)

Description

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.

References

Source Reference
EXPLOIT-DB 17696
FULLDISC 20110820 Apache Killer
FULLDISC 20110824 Re: Apache Killer
MLIST [announce] 20110824 Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x (CVE-2011-3192)
MLIST [dev] 20110823 Re: DoS with mod_deflate & range requests
CONFIRM http://www.gossamer-threads.com/lists/apache/dev/401638
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=732928
CONFIRM https://issues.apache.org/bugzilla/show_bug.cgi?id=51714
CONFIRM http://blogs.oracle.com/security/entry/security_alert_for_cve_2011
CONFIRM http://www.apache.org/dist/httpd/Announcement2.2.html
CONFIRM http://www.oracle.com/technetwork/topics/security/alert-cve-2011-3192-485304.html
CONFIRM http://support.apple.com/kb/HT5002
CONFIRM http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
APPLE APPLE-SA-2011-10-12-3
CISCO 20110830 Apache HTTPd Range Header Denial of Service Vulnerability
HP HPSBUX02702
HP HPSBUX02707
HP SSRT100606
HP SSRT100626
HP HPSBMU02704
HP HPSBOV02822
HP SSRT100966
MANDRIVA MDVSA-2011:130
MANDRIVA MDVSA-2013:150
REDHAT RHSA-2011:1245
REDHAT RHSA-2011:1294
REDHAT RHSA-2011:1300
REDHAT RHSA-2011:1329
REDHAT RHSA-2011:1330
REDHAT RHSA-2011:1369
SUSE SUSE-SU-2011:1000
SUSE SUSE-SU-2011:1007
SUSE SUSE-SU-2011:1010
SUSE openSUSE-SU-2011:0993
SUSE SUSE-SU-2011:1216
SUSE SUSE-SU-2011:1229
UBUNTU USN-1199-1
CERT-VN VU#405811
BID 49303
OSVDB 74721
OVAL oval:org.mitre.oval:def:14762
OVAL oval:org.mitre.oval:def:14824
OVAL oval:org.mitre.oval:def:18827
SECTRACK 1025960
SECUNIA 45606
SECUNIA 45937
SECUNIA 46000
SECUNIA 46125
SECUNIA 46126
XF apache-http-byterange-dos(69396)