Resource exhaustion in Apache Http_server
CVE-2011-3192
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping r…
Vulnerability class: DoS (Denial of Service)
EPSS: 0.905 (99.6th percentile)
Affected products
- Apache Http_server
- Canonical Ubuntu_linux — versions 8.04, 10.04, 10.10
- Opensuse — versions 11.3, 11.4
- Suse Linux_enterprise_server — versions 10, 11
- Suse Linux_enterprise_software_development_kit — versions 10, 11
Weakness classification (CWE)
Public proof-of-concept exploits
References
- 45606 (x_refsource_SECUNIA, Not Applicable, third-party-advisory, Vendor Advisory)
- RHSA-2011:1369 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- RHSA-2011:1329 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- HPSBUX02707 (x_refsource_HP, vendor-advisory, Mailing List, Third Party Advisory, Issue Tracking)
- SUSE-SU-2011:1010 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- SSRT100966 (x_refsource_HP, vendor-advisory, Mailing List, Issue Tracking)
- openSUSE-SU-2011:0993 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
- 1025960 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK, Broken Link)
- [dev] 20110823 Re: DoS with mod_deflate & range requests (mailing-list, x_refsource_MLIST)
Frequently asked questions
- What is CVE-2011-3192?
- CVE-2011-3192 is a vulnerability in Apache Http_server, classified under Uncontrolled Resource Consumption. Published 2011-08-29.
- Is CVE-2011-3192 known to be exploited?
- 60 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.