RedHatRHSA-2011:1245

HistoryAug 31, 2011 - 12:00 a.m.

(RHSA-2011:1245) Important: httpd security update

2011-08-3100:00:00

access.redhat.com

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.966 High

EPSS

Percentile

99.5%

JSON

The Apache HTTP Server is a popular web server.

A flaw was found in the way the Apache HTTP Server handled Range HTTP
headers. A remote attacker could use this flaw to cause httpd to use an
excessive amount of memory and CPU time via HTTP requests with a
specially-crafted Range header. (CVE-2011-3192)

All httpd users should upgrade to these updated packages, which contain a
backported patch to correct this issue. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

OSVersionArchitecturePackageVersionFilename
RedHat6x86_64mod_ssl< 2.2.15-9.el6_1.2mod_ssl-2.2.15-9.el6_1.2.x86_64.rpm
RedHatanys390xhttpd-devel< 2.0.52-48.enthttpd-devel-2.0.52-48.ent.s390x.rpm
RedHat6srchttpd< 2.2.15-9.el6_1.2httpd-2.2.15-9.el6_1.2.src.rpm
RedHatanyppchttpd-devel< 2.0.52-48.enthttpd-devel-2.0.52-48.ent.ppc.rpm
RedHatanyi386httpd-suexec< 2.0.52-48.enthttpd-suexec-2.0.52-48.ent.i386.rpm
RedHat6x86_64httpd< 2.2.15-9.el6_1.2httpd-2.2.15-9.el6_1.2.x86_64.rpm
RedHat6ppchttpd-debuginfo< 2.2.15-9.el6_1.2httpd-debuginfo-2.2.15-9.el6_1.2.ppc.rpm
RedHat5ia64httpd-devel< 2.2.3-53.el5_7.1httpd-devel-2.2.3-53.el5_7.1.ia64.rpm
RedHat6s390xmod_ssl< 2.2.15-9.el6_1.2mod_ssl-2.2.15-9.el6_1.2.s390x.rpm
RedHatanyppchttpd< 2.0.52-48.enthttpd-2.0.52-48.ent.ppc.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	6	x86_64	mod_ssl	< 2.2.15-9.el6_1.2	mod_ssl-2.2.15-9.el6_1.2.x86_64.rpm
RedHat	any	s390x	httpd-devel	< 2.0.52-48.ent	httpd-devel-2.0.52-48.ent.s390x.rpm
RedHat	6	src	httpd	< 2.2.15-9.el6_1.2	httpd-2.2.15-9.el6_1.2.src.rpm
RedHat	any	ppc	httpd-devel	< 2.0.52-48.ent	httpd-devel-2.0.52-48.ent.ppc.rpm
RedHat	any	i386	httpd-suexec	< 2.0.52-48.ent	httpd-suexec-2.0.52-48.ent.i386.rpm
RedHat	6	x86_64	httpd	< 2.2.15-9.el6_1.2	httpd-2.2.15-9.el6_1.2.x86_64.rpm
RedHat	6	ppc	httpd-debuginfo	< 2.2.15-9.el6_1.2	httpd-debuginfo-2.2.15-9.el6_1.2.ppc.rpm
RedHat	5	ia64	httpd-devel	< 2.2.3-53.el5_7.1	httpd-devel-2.2.3-53.el5_7.1.ia64.rpm
RedHat	6	s390x	mod_ssl	< 2.2.15-9.el6_1.2	mod_ssl-2.2.15-9.el6_1.2.s390x.rpm
RedHat	any	ppc	httpd	< 2.0.52-48.ent	httpd-2.0.52-48.ent.ppc.rpm

Rows per page:

1-10 of 801

threatpost 2

suse 8

f5 2

altlinux 3

nessus 42

fedora 2

veracode 1

openvas 49

amazon 1

redhat 9

debian 5

ibm 2

hackerone 3

exploitpack 1

packetstorm 3

cert 1

httpd 2

freebsd 1

checkpoint_advisories 2

checkpoint_security 1

cisa 1

zdt 1

seebug 3

centos 2

oraclelinux 2

securityvulns 10

ubuntu 1

slackware 2

debiancve 1

cve 2

prion 2

ubuntucve 1

osv 1

jvn 1

exploitdb 1

nmap 1

attackerkb 1

kaspersky 1

gentoo 1

oracle 3

threatpost

Apache Fixes Range Header DoS Flaw

2011-08-31 10:30:00

Apache Releases Version 2.2.21 With New Fix For Range Header Flaw

2011-09-14 15:29:14

suse

Security update for Apache (important)

2011-09-06 18:08:19

apache2: Fixed a remote denial of service via byte-ranges (important)

2011-09-02 18:08:23

Security update for Apache (important)

2011-09-06 10:08:12

K13114 : Apache Range header vulnerability - CVE-2011-3192

2013-09-12 00:00:00

SOL13114 - Apache Range header vulnerability - CVE-2011-3192

2011-10-06 00:00:00

altlinux

Security fix for the ALT Linux 8 package apache2 version 2.2.20-alt1

2011-08-31 00:00:00

Security fix for the ALT Linux 10 package apache2 version 2.2.20-alt1

2011-08-31 00:00:00

Security fix for the ALT Linux 9 package apache2 version 2.2.20-alt1

2011-08-31 00:00:00

nessus

RHEL 5 : httpd (RHSA-2011:1294)

2013-01-24 00:00:00

openSUSE Security Update : apache2 (openSUSE-SU-2011:0993-1)

2014-06-13 00:00:00

Amazon Linux AMI : httpd (ALAS-2011-1)

2014-10-12 00:00:00

fedora

[SECURITY] Fedora 16 Update: httpd-2.2.21-1.fc16

2011-09-30 19:07:35

[SECURITY] Fedora 15 Update: httpd-2.2.21-1.fc15

2011-09-16 01:58:28

veracode

Denial Of Service (DoS)

2020-04-10 01:02:22

openvas

CentOS Update for httpd CESA-2011:1245 centos4 i386

2011-09-07 00:00:00

Slackware: Security Advisory (SSA:2011-252-01)

2012-09-10 00:00:00

RedHat Update for httpd RHSA-2011:1294-01

2011-09-16 00:00:00

amazon

Medium: httpd

2011-09-27 22:46:00

redhat

(RHSA-2011:1330) Important: JBoss Enterprise Web Server 1.0.2 security update

2011-09-21 16:00:45

(RHSA-2011:1369) Important: httpd security update

2011-10-13 00:00:00

(RHSA-2011:1294) Important: httpd security update

2011-09-14 00:00:00

debian

[BSA-049] Security Update for apache2

2011-09-06 02:06:51

[SECURITY] [DSA 2298-2] apache2 regression fix

2011-09-05 19:20:44

[SECURITY] [DSA 2298-1] apache2 security update

2011-08-29 21:16:25

ibm

Security Bulletin: API Connect is affected by an Apache HTTP Server vulnerability (CVE-2011-3192)

2018-06-15 07:07:54

Security Bulletin: Potential security exposure with IBM HTTP Server 8.0 and earlier (PM46234) (CVE-2011-3192)

2022-09-08 00:26:26

hackerone

ownCloud: Apache Range Header Denial of Service Attack (Confirmed PoC)

2015-09-14 22:55:12

Gratipay: grtp.co is vulnerable to http-vuln-cve2011-3192

2016-01-25 13:01:41

U.S. Dept Of Defense: Out-of-date Version (Apache)

2016-11-24 15:09:27

exploitpack

Apache - Denial of Service

2011-12-09 00:00:00

packetstorm

Obehotel CMS Denial Of Service / SQL Injection

2013-08-26 00:00:00

Opolis.eu Secure Mail Blind SQL Injection / XSS / CSRF / DoS

2013-10-07 00:00:00

ProtonMail.ch Header Injection / CSRF

2014-05-30 00:00:00

cert

Apache HTTPD 1.3/2.x Range header DoS vulnerability

2011-08-26 00:00:00

httpd

Apache Httpd < 2.2.20 : Range header remote DoS

2011-08-20 00:00:00

Apache Httpd < 2.0.65 : Range header remote DoS

2011-08-20 00:00:00

freebsd

apache -- Range header DoS vulnerability

2011-08-24 00:00:00

checkpoint_advisories

Apache HTTPD Ranges Header Field Denial of Service (CVE-2011-3192)

2011-09-14 00:00:00

Apache HTTPD Ranges Header Field Denial of Service - ver 2 (CVE-2011-3192)

2010-02-25 00:00:00

checkpoint_security

Check Point Response to Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability

2011-08-24 21:00:00

cisa

Oracle Releases Security Alert for Oracle HTTP Server Products

2011-09-19 00:00:00

zdt

Obehotel CMS SQL Injection Vulnerability

2013-08-27 00:00:00

seebug

Apache Range Header Denial Of Service

2011-12-09 00:00:00

Apache HTTP Server Denial of Service

2014-07-01 00:00:00

Apache HTTP Server畸形Range选项处理远程拒绝服务漏洞

2011-08-26 00:00:00

centos

httpd, mod_ssl security update

2011-09-01 11:41:08

httpd, mod_ssl security update

2011-10-20 21:19:56

oraclelinux

httpd security update

2011-08-31 00:00:00

httpd security and bug fix update

2011-10-20 00:00:00

securityvulns

Cisco Security Advisory: Apache HTTPd Range Header Denial of Service Vulnerability

2011-08-30 00:00:00

Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x (CVE-2011-3192)

2011-08-27 00:00:00

Multiple HTTP servers DoS

2011-10-20 00:00:00

ubuntu

Apache vulnerability

2011-09-01 00:00:00

slackware

[slackware-security] httpd

2011-09-09 14:05:46

[slackware-security] httpd

2011-10-14 23:59:50

debiancve

CVE-2011-3192

2011-08-29 15:55:00

cve

CVE-2011-3192

2011-08-29 15:55:00

CVE-2014-5329

2023-09-08 03:15:00

prion

Race condition

2023-09-08 03:15:00

Code injection

2011-08-29 15:55:00

ubuntucve

CVE-2011-3192

2011-08-29 00:00:00

osv

apache2 - denial of service

2011-09-05 00:00:00

jvn

JVN#23809730: GIGAPOD vulnerable to denial-of-service (DoS)

2014-10-16 00:00:00

exploitdb

Apache - Denial of Service

2011-12-09 00:00:00

nmap

http-vuln-cve2011-3192 NSE Script

2011-08-29 21:42:57

attackerkb

CVE-2011-3192

2011-08-29 00:00:00

kaspersky

KLA10065 Multiple vulnerabilities in Apache httpd

2013-07-22 00:00:00

gentoo

Apache HTTP Server: Multiple vulnerabilities

2012-06-24 00:00:00

oracle

Oracle Critical Patch Update - October 2011

2011-10-18 00:00:00

Oracle Critical Patch Update - January 2012

2012-01-17 00:00:00

Oracle Critical Patch Update - July 2012

2012-07-17 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

(RHSA-2011:1245) Important: httpd security update

Related