Lucene search
AmazonALAS-2011-001HistorySep 27, 2011 - 10:46 p.m.
Medium: httpd
2011-09-2722:46:00
alas.aws.amazon.com
22
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.964 High
EPSS
Percentile
99.5%
Issue Overview:
The Apache HTTP Server is a popular web server.
A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. (CVE-2011-3192)
All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
Affected Packages:
httpd
Issue Correction:
Run yum update httpd to update your system.
New Packages:
i686:
httpd-devel-2.2.21-1.18.amzn1.i686
httpd-debuginfo-2.2.21-1.18.amzn1.i686
httpd-2.2.21-1.18.amzn1.i686
httpd-tools-2.2.21-1.18.amzn1.i686
mod_ssl-2.2.21-1.18.amzn1.i686
noarch:
httpd-manual-2.2.21-1.18.amzn1.noarch
src:
httpd-2.2.21-1.18.amzn1.src
x86_64:
mod_ssl-2.2.21-1.18.amzn1.x86_64
httpd-tools-2.2.21-1.18.amzn1.x86_64
httpd-2.2.21-1.18.amzn1.x86_64
httpd-devel-2.2.21-1.18.amzn1.x86_64
httpd-debuginfo-2.2.21-1.18.amzn1.x86_64
Additional References
Red Hat: CVE-2011-3192
Mitre: CVE-2011-3192
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | httpd-devel | < 2.2.21-1.18.amzn1 | httpd-devel-2.2.21-1.18.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | httpd-debuginfo | < 2.2.21-1.18.amzn1 | httpd-debuginfo-2.2.21-1.18.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | httpd | < 2.2.21-1.18.amzn1 | httpd-2.2.21-1.18.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | httpd-tools | < 2.2.21-1.18.amzn1 | httpd-tools-2.2.21-1.18.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | mod_ssl | < 2.2.21-1.18.amzn1 | mod_ssl-2.2.21-1.18.amzn1.i686.rpm |
| Amazon Linux | 1 | noarch | httpd-manual | < 2.2.21-1.18.amzn1 | httpd-manual-2.2.21-1.18.amzn1.noarch.rpm |
| Amazon Linux | 1 | x86_64 | mod_ssl | < 2.2.21-1.18.amzn1 | mod_ssl-2.2.21-1.18.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | httpd-tools | < 2.2.21-1.18.amzn1 | httpd-tools-2.2.21-1.18.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | httpd | < 2.2.21-1.18.amzn1 | httpd-2.2.21-1.18.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | httpd-devel | < 2.2.21-1.18.amzn1 | httpd-devel-2.2.21-1.18.amzn1.x86_64.rpm |
Related
threatpost
threatpost
Apache Fixes Range Header DoS Flaw
2011-08-31 10:30:00
Apache Releases Version 2.2.21 With New Fix For Range Header Flaw
2011-09-14 15:29:14
suse
suse
Security update for Apache (important)
2011-09-06 18:08:19
apache2: Fixed a remote denial of service via byte-ranges (important)
2011-09-02 18:08:23
Security update for Apache (important)
2011-09-06 10:08:12
f5
f5
K13114 : Apache Range header vulnerability - CVE-2011-3192
2013-09-12 00:00:00
SOL13114 - Apache Range header vulnerability - CVE-2011-3192
2011-10-06 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package apache2 version 2.2.20-alt1
2011-08-31 00:00:00
Security fix for the ALT Linux 10 package apache2 version 2.2.20-alt1
2011-08-31 00:00:00
Security fix for the ALT Linux 9 package apache2 version 2.2.20-alt1
2011-08-31 00:00:00
nessus
nessus
RHEL 5 : httpd (RHSA-2011:1294)
2013-01-24 00:00:00
openSUSE Security Update : apache2 (openSUSE-SU-2011:0993-1)
2014-06-13 00:00:00
Amazon Linux AMI : httpd (ALAS-2011-1)
2014-10-12 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: httpd-2.2.21-1.fc16
2011-09-30 19:07:35
[SECURITY] Fedora 15 Update: httpd-2.2.21-1.fc15
2011-09-16 01:58:28
openvas
openvas
CentOS Update for httpd CESA-2011:1245 centos4 i386
2011-09-07 00:00:00
RedHat Update for httpd RHSA-2011:1294-01
2011-09-16 00:00:00
Slackware: Security Advisory (SSA:2011-252-01)
2012-09-10 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:02:22
redhat
redhat
(RHSA-2011:1369) Important: httpd security update
2011-10-13 00:00:00
(RHSA-2011:1294) Important: httpd security update
2011-09-14 00:00:00
debian
debian
[BSA-049] Security Update for apache2
2011-09-06 02:06:51
[SECURITY] [DSA 2298-2] apache2 regression fix
2011-09-05 19:20:44
[SECURITY] [DSA 2298-1] apache2 security update
2011-08-29 21:16:25
hackerone
hackerone
Gratipay: grtp.co is vulnerable to http-vuln-cve2011-3192
2016-01-25 13:01:41
ownCloud: Apache Range Header Denial of Service Attack (Confirmed PoC)
2015-09-14 22:55:12
U.S. Dept Of Defense: Out-of-date Version (Apache)
2016-11-24 15:09:27
httpd
httpd
Apache Httpd < 2.2.20 : Range header remote DoS
2011-08-20 00:00:00
Apache Httpd < 2.0.65 : Range header remote DoS
2011-08-20 00:00:00
cert
cert
Apache HTTPD 1.3/2.x Range header DoS vulnerability
2011-08-26 00:00:00
ibm
ibm
exploitpack
exploitpack
Apache - Denial of Service
2011-12-09 00:00:00
packetstorm
packetstorm
Obehotel CMS Denial Of Service / SQL Injection
2013-08-26 00:00:00
Opolis.eu Secure Mail Blind SQL Injection / XSS / CSRF / DoS
2013-10-07 00:00:00
ProtonMail.ch Header Injection / CSRF
2014-05-30 00:00:00
freebsd
freebsd
apache -- Range header DoS vulnerability
2011-08-24 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache HTTPD Ranges Header Field Denial of Service (CVE-2011-3192)
2011-09-14 00:00:00
Apache HTTPD Ranges Header Field Denial of Service - ver 2 (CVE-2011-3192)
2010-02-25 00:00:00
checkpoint_security
checkpoint_security
centos
centos
httpd, mod_ssl security update
2011-09-01 11:41:08
httpd, mod_ssl security update
2011-10-20 21:19:56
seebug
seebug
Apache Range Header Denial Of Service
2011-12-09 00:00:00
Apache HTTP Server Denial of Service
2014-07-01 00:00:00
Apache HTTP Server畸形Range选项处理远程拒绝服务漏洞
2011-08-26 00:00:00
cisa
cisa
Oracle Releases Security Alert for Oracle HTTP Server Products
2011-09-19 00:00:00
zdt
zdt
Obehotel CMS SQL Injection Vulnerability
2013-08-27 00:00:00
oraclelinux
oraclelinux
httpd security update
2011-08-31 00:00:00
httpd security and bug fix update
2011-10-20 00:00:00
securityvulns
securityvulns
Cisco Security Advisory: Apache HTTPd Range Header Denial of Service Vulnerability
2011-08-30 00:00:00
Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x (CVE-2011-3192)
2011-08-27 00:00:00
Multiple HTTP servers DoS
2011-10-20 00:00:00
ubuntu
ubuntu
Apache vulnerability
2011-09-01 00:00:00
slackware
slackware
[slackware-security] httpd
2011-09-09 14:05:46
[slackware-security] httpd
2011-10-14 23:59:50
debiancve
debiancve
CVE-2011-3192
2011-08-29 15:55:00
cve
cve
CVE-2011-3192
2011-08-29 15:55:00
CVE-2014-5329
2023-09-08 03:15:00
prion
prion
Code injection
2011-08-29 15:55:00
Race condition
2023-09-08 03:15:00
jvn
jvn
JVN#23809730: GIGAPOD vulnerable to denial-of-service (DoS)
2014-10-16 00:00:00
osv
osv
apache2 - denial of service
2011-09-05 00:00:00
ubuntucve
ubuntucve
CVE-2011-3192
2011-08-29 00:00:00
exploitdb
exploitdb
Apache - Denial of Service
2011-12-09 00:00:00
nmap
nmap
http-vuln-cve2011-3192 NSE Script
2011-08-29 21:42:57
attackerkb
attackerkb
CVE-2011-3192
2011-08-29 00:00:00
kaspersky
kaspersky
KLA10065 Multiple vulnerabilities in Apache httpd
2013-07-22 00:00:00
gentoo
gentoo
Apache HTTP Server: Multiple vulnerabilities
2012-06-24 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2011
2011-10-18 00:00:00
Oracle Critical Patch Update - January 2012
2012-01-17 00:00:00
Oracle Critical Patch Update - July 2012
2012-07-17 00:00:00
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.964 High
EPSS
Percentile
99.5%
Related for ALAS-2011-001