Lucene search
GoogleOSV:DSA-2298-1HistorySep 05, 2011 - 12:00 a.m.
apache2 - denial of service
2011-09-0500:00:00
Google
osv.dev
24
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.975 High
EPSS
Percentile
99.9%
Two issues have been found in the Apache HTTPD web server:
- CVE-2011-3192
A vulnerability has been found in the way the multiple overlapping
ranges are handled by the Apache HTTPD server. This vulnerability
allows an attacker to cause Apache HTTPD to use an excessive amount of
memory, causing a denial of service. - CVE-2010-1452
A vulnerability has been found in mod_dav that allows an attacker to
cause a daemon crash, causing a denial of service. This issue only
affects the Debian 5.0 oldstable/lenny distribution.
For the oldstable distribution (lenny), these problems have been fixed
in version 2.2.9-10+lenny11.
For the stable distribution (squeeze), this problem has been fixed in
version 2.2.16-6+squeeze3.
For the testing distribution (wheezy), this problem has been fixed in
version 2.2.19-3.
For the unstable distribution (sid), this problem has been fixed in
version 2.2.19-3.
We recommend that you upgrade your apache2 packages.
This update also contains updated apache2-mpm-itk packages which have
been recompiled against the updated apache2 packages. The new version
number for the oldstable distribution is 2.2.6-02-1+lenny6. In the
stable distribution, apache2-mpm-itk has the same version number as
apache2.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache2 | eq | 2.2.16-6 | |
| apache2 | eq | 2.2.16-6+squeeze1 | |
| apache2 | eq | 2.2.16-6+squeeze1~bpo50+1 | |
| apache2 | eq | 2.2.16-6+squeeze2~bpo50+1 |
References
Related
nessus
nessus
Debian DSA-2298-2 : apache2 - denial of service
2011-08-30 00:00:00
SuSE 11.1 Security Update : Apache (SAT Patch Number 5090)
2011-12-13 00:00:00
debian
debian
[SECURITY] [DSA 2298-2] apache2 regression fix
2011-09-05 19:20:44
[SECURITY] [DSA 2298-1] apache2 security update
2011-08-29 21:16:25
[SECURITY] [DSA 2298-2] apache2 regression fix
2011-09-05 19:20:44
suse
suse
Security update for Apache (important)
2011-09-06 07:08:21
Security update for Apache 2 (important)
2011-11-04 09:08:32
apache2: Fixed a remote denial of service via byte-ranges (important)
2011-09-02 18:08:23
openvas
openvas
Debian Security Advisory DSA 2298-1 (apache2)
2011-09-21 00:00:00
Debian Security Advisory DSA 2298-2 (apache2)
2011-09-21 00:00:00
Debian Security Advisory DSA 2298-2 (apache2)
2011-09-21 00:00:00
slackware
slackware
[slackware-security] httpd
2010-08-28 16:52:27
[slackware-security] httpd
2011-09-09 14:05:46
[slackware-security] httpd
2011-10-14 23:59:50
httpd
httpd
Apache Httpd < 2.2.16 : mod_cache and mod_dav DoS
2010-05-04 00:00:00
Apache Httpd < 2.0.64 : mod_cache and mod_dav DoS
2010-05-04 00:00:00
Apache Httpd < 2.2.20 : Range header remote DoS
2011-08-20 00:00:00
ubuntucve
ubuntucve
CVE-2010-1452
2010-07-28 00:00:00
CVE-2011-3192
2011-08-29 00:00:00
prion
prion
freebsd
freebsd
apache -- Remote DoS bug in mod_cache and mod_dav
2010-07-21 00:00:00
apache -- Range header DoS vulnerability
2011-08-24 00:00:00
debiancve
debiancve
CVE-2010-1452
2010-07-28 20:00:00
CVE-2011-3192
2011-08-29 15:55:00
fedora
fedora
[SECURITY] Fedora 13 Update: httpd-2.2.16-1.fc13
2010-08-13 21:20:54
[SECURITY] Fedora 16 Update: httpd-2.2.21-1.fc16
2011-09-30 19:07:35
[SECURITY] Fedora 15 Update: httpd-2.2.21-1.fc15
2011-09-16 01:58:28
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:47:09
Denial Of Service (DoS)
2020-04-10 01:02:22
cve
cve
altlinux
altlinux
Security fix for the ALT Linux 10 package apache2 version 2.2.20-alt1
2011-08-31 00:00:00
Security fix for the ALT Linux 9 package apache2 version 2.2.20-alt1
2011-08-31 00:00:00
Security fix for the ALT Linux 8 package apache2 version 2.2.20-alt1
2011-08-31 00:00:00
hackerone
hackerone
Gratipay: grtp.co is vulnerable to http-vuln-cve2011-3192
2016-01-25 13:01:41
ownCloud: Apache Range Header Denial of Service Attack (Confirmed PoC)
2015-09-14 22:55:12
redhat
redhat
(RHSA-2011:1369) Important: httpd security update
2011-10-13 00:00:00
(RHSA-2011:1294) Important: httpd security update
2011-09-14 00:00:00
ibm
ibm
cert
cert
Apache HTTPD 1.3/2.x Range header DoS vulnerability
2011-08-26 00:00:00
packetstorm
packetstorm
Obehotel CMS Denial Of Service / SQL Injection
2013-08-26 00:00:00
Opolis.eu Secure Mail Blind SQL Injection / XSS / CSRF / DoS
2013-10-07 00:00:00
ProtonMail.ch Header Injection / CSRF
2014-05-30 00:00:00
exploitpack
exploitpack
Apache - Denial of Service
2011-12-09 00:00:00
f5
f5
K13114 : Apache Range header vulnerability - CVE-2011-3192
2013-09-12 00:00:00
SOL13114 - Apache Range header vulnerability - CVE-2011-3192
2011-10-06 00:00:00
threatpost
threatpost
Apache Fixes Range Header DoS Flaw
2011-08-31 10:30:00
Apache Releases Version 2.2.21 With New Fix For Range Header Flaw
2011-09-14 15:29:14
amazon
amazon
Medium: httpd
2011-09-27 22:46:00
cisa
cisa
Oracle Releases Security Alert for Oracle HTTP Server Products
2011-09-19 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache HTTPD Ranges Header Field Denial of Service (CVE-2011-3192)
2011-09-14 00:00:00
Apache HTTPD Ranges Header Field Denial of Service - ver 2 (CVE-2011-3192)
2010-02-25 00:00:00
checkpoint_security
checkpoint_security
seebug
seebug
Apache Range Header Denial Of Service
2011-12-09 00:00:00
Apache HTTP Server Denial of Service
2014-07-01 00:00:00
Apache HTTP ServerηΈε½’Rangeιι‘Ήε€ηθΏη¨ζη»ζε‘ζΌζ΄
2011-08-26 00:00:00
zdt
zdt
Obehotel CMS SQL Injection Vulnerability
2013-08-27 00:00:00
centos
centos
httpd, mod_ssl security update
2011-09-01 11:41:08
httpd, mod_ssl security update
2010-08-31 21:00:21
httpd, mod_ssl security update
2011-10-20 21:19:56
oraclelinux
oraclelinux
httpd security update
2011-08-31 00:00:00
httpd security and bug fix update
2010-08-30 00:00:00
httpd security and bug fix update
2011-10-20 00:00:00
securityvulns
securityvulns
Cisco Security Advisory: Apache HTTPd Range Header Denial of Service Vulnerability
2011-08-30 00:00:00
Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x (CVE-2011-3192)
2011-08-27 00:00:00
Multiple HTTP servers DoS
2011-10-20 00:00:00
ubuntu
ubuntu
Apache vulnerability
2011-09-01 00:00:00
Apache vulnerabilities
2010-11-25 00:00:00
jvn
jvn
JVN#23809730: GIGAPOD vulnerable to denial-of-service (DoS)
2014-10-16 00:00:00
exploitdb
exploitdb
Apache - Denial of Service
2011-12-09 00:00:00
nmap
nmap
http-vuln-cve2011-3192 NSE Script
2011-08-29 21:42:57
attackerkb
attackerkb
CVE-2011-3192
2011-08-29 00:00:00
gentoo
gentoo
Apache HTTP Server: Multiple vulnerabilities
2012-06-24 00:00:00
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.975 High
EPSS
Percentile
99.9%
Related for OSV:DSA-2298-1