CVE-2011-3192
7.3 High
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.964 High
EPSS
Percentile
99.5%
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
References
archives.neohapsis.com/archives/fulldisclosure/2011-08/0285.html
blogs.oracle.com/security/entry/security_alert_for_cve_2011
lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
lists.opensuse.org/opensuse-security-announce/2011-09/msg00006.html
lists.opensuse.org/opensuse-security-announce/2011-09/msg00009.html
lists.opensuse.org/opensuse-security-announce/2011-09/msg00010.html
lists.opensuse.org/opensuse-security-announce/2011-09/msg00011.html
lists.opensuse.org/opensuse-security-announce/2011-11/msg00008.html
lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110824161640.122D387DD%40minotaur.apache.org%3e
mail-archives.apache.org/mod_mbox/httpd-dev/201108.mbox/%3cCAAPSnn2PO-d-C4nQt_TES2RRWiZr7urefhTKPWBC1b+K1Dqc7g%40mail.gmail.com%3e
marc.info/?l=bugtraq&m=131551295528105&w=2
marc.info/?l=bugtraq&m=131731002122529&w=2
marc.info/?l=bugtraq&m=132033751509019&w=2
marc.info/?l=bugtraq&m=133477473521382&w=2
marc.info/?l=bugtraq&m=133951357207000&w=2
marc.info/?l=bugtraq&m=134987041210674&w=2
osvdb.org/74721
seclists.org/fulldisclosure/2011/Aug/175
secunia.com/advisories/45606
secunia.com/advisories/45937
secunia.com/advisories/46000
secunia.com/advisories/46125
secunia.com/advisories/46126
securitytracker.com/id?1025960
support.apple.com/kb/HT5002
www.apache.org/dist/httpd/Announcement2.2.html
www.cisco.com/en/US/products/products_security_advisory09186a0080b90d73.shtml
www.exploit-db.com/exploits/17696
www.gossamer-threads.com/lists/apache/dev/401638
www.kb.cert.org/vuls/id/405811
www.mandriva.com/security/advisories?name=MDVSA-2011:130
www.mandriva.com/security/advisories?name=MDVSA-2013:150
www.oracle.com/technetwork/topics/security/alert-cve-2011-3192-485304.html
www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html
www.redhat.com/support/errata/RHSA-2011-1245.html
www.redhat.com/support/errata/RHSA-2011-1294.html
www.redhat.com/support/errata/RHSA-2011-1300.html
www.redhat.com/support/errata/RHSA-2011-1329.html
www.redhat.com/support/errata/RHSA-2011-1330.html
www.redhat.com/support/errata/RHSA-2011-1369.html
www.securityfocus.com/bid/49303
www.ubuntu.com/usn/USN-1199-1
bugzilla.redhat.com/show_bug.cgi?id=732928
exchange.xforce.ibmcloud.com/vulnerabilities/69396
help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
issues.apache.org/bugzilla/show_bug.cgi?id=51714
lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14762
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14824
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18827
Social References
More
Related
7.3 High
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.964 High
EPSS
Percentile
99.5%