The patch for the ByteRange remote denial of service attack
(CVE-2011-3192) was refined and the configuration options
used by upstream were added. Introduce new config option:
Allow MaxRanges Number of ranges requested, if exceeded,
the complete content is served. default: 200 0|unlimited:
unlimited none: Range headers are ignored. This option is a
backport from 2.2.21.

Also fixed: CVE-2011-3348: Denial of service in proxy_ajp
when using a undefined method.

CVE-2011-3368: Exposure of internal servers via reverse
proxy methods with mod_proxy enabled and incorrect Rewrite
or Proxy Rules.

OSVersionArchitecturePackageVersionFilename
openSUSE11.4i586apache2-worker< 2.2.17-4.9.1apache2-worker-2.2.17-4.9.1.i586.rpm
openSUSE11.4x86_64apache2-itk< 2.2.17-4.9.1apache2-itk-2.2.17-4.9.1.x86_64.rpm
openSUSE11.3x86_64apache2-prefork< 2.2.15-4.7.1apache2-prefork-2.2.15-4.7.1.x86_64.rpm
openSUSE11.3x86_64apache2-utils< 2.2.15-4.7.1apache2-utils-2.2.15-4.7.1.x86_64.rpm
openSUSE11.4i586apache2-prefork< 2.2.17-4.9.1apache2-prefork-2.2.17-4.9.1.i586.rpm
openSUSE11.4x86_64apache2-worker< 2.2.17-4.9.1apache2-worker-2.2.17-4.9.1.x86_64.rpm
openSUSE11.3x86_64apache2-example-certificates< 2.2.15-4.7.1apache2-example-certificates-2.2.15-4.7.1.x86_64.rpm
openSUSE11.3i586apache2-worker< 2.2.15-4.7.1apache2-worker-2.2.15-4.7.1.i586.rpm
openSUSE11.4i586apache2-example-certificates< 2.2.17-4.9.1apache2-example-certificates-2.2.17-4.9.1.i586.rpm
openSUSE11.4i586apache2< 2.2.17-4.9.1apache2-2.2.17-4.9.1.i586.rpm

OS	Version	Architecture	Package	Version	Filename
openSUSE	11.4	i586	apache2-worker	< 2.2.17-4.9.1	apache2-worker-2.2.17-4.9.1.i586.rpm
openSUSE	11.4	x86_64	apache2-itk	< 2.2.17-4.9.1	apache2-itk-2.2.17-4.9.1.x86_64.rpm
openSUSE	11.3	x86_64	apache2-prefork	< 2.2.15-4.7.1	apache2-prefork-2.2.15-4.7.1.x86_64.rpm
openSUSE	11.3	x86_64	apache2-utils	< 2.2.15-4.7.1	apache2-utils-2.2.15-4.7.1.x86_64.rpm
openSUSE	11.4	i586	apache2-prefork	< 2.2.17-4.9.1	apache2-prefork-2.2.17-4.9.1.i586.rpm
openSUSE	11.4	x86_64	apache2-worker	< 2.2.17-4.9.1	apache2-worker-2.2.17-4.9.1.x86_64.rpm
openSUSE	11.3	x86_64	apache2-example-certificates	< 2.2.15-4.7.1	apache2-example-certificates-2.2.15-4.7.1.x86_64.rpm
openSUSE	11.3	i586	apache2-worker	< 2.2.15-4.7.1	apache2-worker-2.2.15-4.7.1.i586.rpm
openSUSE	11.4	i586	apache2-example-certificates	< 2.2.17-4.9.1	apache2-example-certificates-2.2.17-4.9.1.i586.rpm
openSUSE	11.4	i586	apache2	< 2.2.17-4.9.1	apache2-2.2.17-4.9.1.i586.rpm

Rows per page:

1-10 of 341

References

bugzilla.novell.com/713966

bugzilla.novell.com/719236

bugzilla.novell.com/722545

suse 5

nessus 42

redhat 10

openvas 46

oraclelinux 3

amazon 2

centos 2

threatpost 3

securityvulns 5

slackware 2

fedora 2

ubuntu 2

seebug 7

packetstorm 4

cve 4

freebsd 2

httpd 6

debiancve 4

altlinux 9

ubuntucve 4

checkpoint_advisories 6

veracode 5

prion 4

exploitpack 2

debian 2

f5 3

hackerone 2

ibm 4

cert 1

checkpoint_security 1

cisa 1

zdt 1

exploitdb 1

thn 1

kaspersky 1

suse

Security update for Apache2 (important)

2011-11-04 09:08:25

Security update for apache2 (important)

2011-11-09 19:08:34

Security update for Apache (important)

2011-09-06 18:08:19

nessus

SuSE 11.1 Security Update : Apache2 (SAT Patch Number 5344)

2011-12-13 00:00:00

Oracle Linux 6 : httpd (ELSA-2011-1391)

2013-07-12 00:00:00

openSUSE Security Update : apache2 (openSUSE-SU-2011:1217-1)

2014-06-13 00:00:00

redhat

(RHSA-2011:1391) Moderate: httpd security and bug fix update

2011-10-20 00:00:00

(RHSA-2011:1392) Moderate: httpd security and bug fix update

2011-10-20 00:00:00

(RHSA-2012:0543) Moderate: httpd security and bug fix update

2012-05-07 18:13:40

openvas

RedHat Update for httpd RHSA-2011:1391-01

2012-07-09 00:00:00

RedHat Update for httpd RHSA-2011:1391-01

2012-07-09 00:00:00

Oracle: Security Advisory (ELSA-2011-1391)

2015-10-06 00:00:00

oraclelinux

httpd security and bug fix update

2011-10-20 00:00:00

httpd security and bug fix update

2011-10-20 00:00:00

httpd security update

2011-08-31 00:00:00

amazon

Medium: httpd

2011-10-31 18:19:00

Medium: httpd

2011-09-27 22:46:00

centos

httpd, mod_ssl security update

2011-10-20 21:19:56

httpd, mod_ssl security update

2011-09-01 11:41:08

threatpost

Apache Releases Version 2.2.21 With New Fix For Range Header Flaw

2011-09-14 15:29:14

New Apache Reverse Proxy Issue Uncovered

2011-11-26 23:41:49

Apache Fixes Range Header DoS Flaw

2011-08-31 10:30:00

securityvulns

Multiple HTTP servers DoS

2011-10-20 00:00:00

[ MDVSA-2011:144 ] apache

2011-10-12 00:00:00

Cisco Security Advisory: Apache HTTPd Range Header Denial of Service Vulnerability

2011-08-30 00:00:00

slackware

[slackware-security] httpd

2011-10-14 23:59:50

[slackware-security] httpd

2011-09-09 14:05:46

fedora

[SECURITY] Fedora 15 Update: httpd-2.2.21-1.fc15

2011-09-16 01:58:28

[SECURITY] Fedora 16 Update: httpd-2.2.21-1.fc16

2011-09-30 19:07:35

ubuntu

Apache vulnerabilities

2011-11-11 00:00:00

Apache vulnerability

2011-09-01 00:00:00

seebug

Apache HTTP Server 'mod_proxy'反向代理信息泄露漏洞

2011-10-08 00:00:00

Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC

2011-10-12 00:00:00

Apache HTTP Server mod_proxy_ajp拒绝服务漏洞

2011-09-18 00:00:00

packetstorm

Apache Reverse Proxy Bypass

2011-10-06 00:00:00

Apache mod_proxy Proof Of Concept

2011-10-11 00:00:00

Obehotel CMS Denial Of Service / SQL Injection

2013-08-26 00:00:00

cve

CVE-2011-3368

2011-10-05 22:55:00

CVE-2011-3348

2011-09-20 05:55:00

CVE-2011-3639

2011-11-30 04:05:00

freebsd

Apache 1.3 -- mod_proxy reverse proxy exposure

2011-10-05 00:00:00

apache -- Range header DoS vulnerability

2011-08-24 00:00:00

httpd

Apache Httpd < 1.3-never : mod_proxy reverse proxy exposure

2011-09-16 00:00:00

Apache Httpd < 2.2.21 : mod_proxy_ajp remote DoS

2011-09-07 00:00:00

Apache Httpd < 2.2.22 : mod_proxy reverse proxy exposure

2011-09-16 00:00:00

debiancve

CVE-2011-3368

2011-10-05 22:55:00

CVE-2011-3348

2011-09-20 05:55:00

CVE-2011-4317

2011-11-30 04:05:00

altlinux

Security fix for the ALT Linux 8 package apache2 version 2.2.21-alt1

2011-09-20 00:00:00

Security fix for the ALT Linux 9 package apache2 version 2.2.21-alt2

2011-11-19 00:00:00

Security fix for the ALT Linux 10 package apache2 version 2.2.21-alt2

2011-11-19 00:00:00

ubuntucve

CVE-2011-3368

2011-10-05 00:00:00

CVE-2011-3348

2011-09-20 00:00:00

CVE-2011-3639

2011-11-30 00:00:00

checkpoint_advisories

Apache HTTPD mod_proxy_ajp Denial Of Service (CVE-2011-3348)

2014-11-12 00:00:00

Preemptive Protection against Apache HTTPD mod_proxy_ajp Denial of Service (CVE-2011-3348)

2011-12-06 00:00:00

Apache HTTPD mod_proxy Security Bypass (CVE-2011-3368)

2012-03-05 00:00:00

veracode

Information Disclosure

2020-04-10 01:03:06

Denial Of Service (DoS)

2020-04-10 01:03:06

Denial Of Service (DoS)

2020-04-10 01:02:22

prion

Design/Logic Flaw

2011-10-05 22:55:00

Design/Logic Flaw

2011-09-20 05:55:00

Design/Logic Flaw

2011-11-30 04:05:00

exploitpack

Apache mod_proxy - Reverse Proxy Exposure

2011-10-11 00:00:00

Apache - Denial of Service

2011-12-09 00:00:00

debian

[BSA-058] Security Update for apache2

2011-11-14 04:20:22

[BSA-049] Security Update for apache2

2011-09-06 02:06:51

K13114 : Apache Range header vulnerability - CVE-2011-3192

2013-09-12 00:00:00

SOL13114 - Apache Range header vulnerability - CVE-2011-3192

2011-10-06 00:00:00

K20979231 : Apache vulnerability CVE-2011-3639

2015-12-29 00:00:00

hackerone

ownCloud: Apache Range Header Denial of Service Attack (Confirmed PoC)

2015-09-14 22:55:12

Gratipay: grtp.co is vulnerable to http-vuln-cve2011-3192

2016-01-25 13:01:41

ibm

Security Bulletin: API Connect is affected by an Apache HTTP Server vulnerability (CVE-2011-3192)

2018-06-15 07:07:54

Security Bulletin: Potential security exposure with IBM HTTP Server 8.0 and earlier (PM46234) (CVE-2011-3192)

2022-09-08 00:26:26

Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities

2022-09-26 04:23:14

cert

Apache HTTPD 1.3/2.x Range header DoS vulnerability

2011-08-26 00:00:00

checkpoint_security

Check Point Response to Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability

2011-08-24 21:00:00

cisa

Oracle Releases Security Alert for Oracle HTTP Server Products

2011-09-19 00:00:00

zdt

Obehotel CMS SQL Injection Vulnerability

2013-08-27 00:00:00

exploitdb

Apache mod_proxy - Reverse Proxy Exposure

2011-10-11 00:00:00

thn

New Apache Reverse Proxy Flaw Allows Access to Internal Network

2011-11-27 08:58:00

kaspersky

KLA10065 Multiple vulnerabilities in Apache httpd

2013-07-22 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

0.974 High

EPSS

Percentile

99.9%

JSON

Related for OPENSUSE-SU-2011:1217-1