This update fixes a remote denial of service bug (memory
exhaustion) in the Apache 2 HTTP server, that could be
triggered by remote attackers using multiple overlapping
Request Ranges. (CVE-2011-3192)

It also fixes a bug, where the LimitRequestFieldsize config
option into account when parsing headers from backend,
thereby avoiding that the receiving buffers are too small.

OSVersionArchitecturePackageVersionFilename
SUSE Linux Enterprise Server10.4s390xapache2-worker< 2.2.3-16.36.1apache2-worker-2.2.3-16.36.1.s390x.rpm
SUSE Linux Enterprise Server10.4i586apache2-worker< 2.2.3-16.36.1apache2-worker-2.2.3-16.36.1.i586.rpm
SUSE Linux Enterprise Server10.4ppcapache2-doc< 2.2.3-16.36.1apache2-doc-2.2.3-16.36.1.ppc.rpm
SUSE Linux Enterprise Server10.4x86_64apache2-example-pages< 2.2.3-16.36.1apache2-example-pages-2.2.3-16.36.1.x86_64.rpm
SLE SDK10.4i586apache2< 2.2.3-16.36.1apache2-2.2.3-16.36.1.i586.rpm
SUSE Linux Enterprise Server10.4x86_64apache2-devel< 2.2.3-16.36.1apache2-devel-2.2.3-16.36.1.x86_64.rpm
SLE SDK10.4i586apache2-worker< 2.2.3-16.36.1apache2-worker-2.2.3-16.36.1.i586.rpm
SLE SDK10.4ia64apache2-prefork< 2.2.3-16.36.1apache2-prefork-2.2.3-16.36.1.ia64.rpm
SUSE Linux Enterprise Server10.4ia64apache2-doc< 2.2.3-16.36.1apache2-doc-2.2.3-16.36.1.ia64.rpm
SUSE Linux Enterprise Server10.4x86_64apache2< 2.2.3-16.36.1apache2-2.2.3-16.36.1.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
SUSE Linux Enterprise Server	10.4	s390x	apache2-worker	< 2.2.3-16.36.1	apache2-worker-2.2.3-16.36.1.s390x.rpm
SUSE Linux Enterprise Server	10.4	i586	apache2-worker	< 2.2.3-16.36.1	apache2-worker-2.2.3-16.36.1.i586.rpm
SUSE Linux Enterprise Server	10.4	ppc	apache2-doc	< 2.2.3-16.36.1	apache2-doc-2.2.3-16.36.1.ppc.rpm
SUSE Linux Enterprise Server	10.4	x86_64	apache2-example-pages	< 2.2.3-16.36.1	apache2-example-pages-2.2.3-16.36.1.x86_64.rpm
SLE SDK	10.4	i586	apache2	< 2.2.3-16.36.1	apache2-2.2.3-16.36.1.i586.rpm
SUSE Linux Enterprise Server	10.4	x86_64	apache2-devel	< 2.2.3-16.36.1	apache2-devel-2.2.3-16.36.1.x86_64.rpm
SLE SDK	10.4	i586	apache2-worker	< 2.2.3-16.36.1	apache2-worker-2.2.3-16.36.1.i586.rpm
SLE SDK	10.4	ia64	apache2-prefork	< 2.2.3-16.36.1	apache2-prefork-2.2.3-16.36.1.ia64.rpm
SUSE Linux Enterprise Server	10.4	ia64	apache2-doc	< 2.2.3-16.36.1	apache2-doc-2.2.3-16.36.1.ia64.rpm
SUSE Linux Enterprise Server	10.4	x86_64	apache2	< 2.2.3-16.36.1	apache2-2.2.3-16.36.1.x86_64.rpm

Rows per page:

1-10 of 601

References

download.novell.com/patch/finder/?keywords=c3940d73bd140b3d6d6e2d878f94f4f3

bugzilla.novell.com/690734

bugzilla.novell.com/713966

threatpost 2

suse 7

f5 2

altlinux 3

nessus 42

veracode 1

openvas 49

fedora 2

amazon 1

redhat 10

debian 5

hackerone 3

ibm 2

exploitpack 1

cert 1

httpd 2

freebsd 1

packetstorm 3

oraclelinux 2

securityvulns 10

ubuntu 1

seebug 3

checkpoint_advisories 2

checkpoint_security 1

zdt 1

cisa 1

centos 2

slackware 2

debiancve 1

cve 2

prion 2

ubuntucve 1

osv 1

jvn 1

exploitdb 1

nmap 1

attackerkb 1

kaspersky 1

gentoo 1

oracle 3

threatpost

Apache Fixes Range Header DoS Flaw

2011-08-31 10:30:00

Apache Releases Version 2.2.21 With New Fix For Range Header Flaw

2011-09-14 15:29:14

suse

Security update for Apache (important)

2011-09-06 18:08:19

apache2: Fixed a remote denial of service via byte-ranges (important)

2011-09-02 18:08:23

Security update for Apache (important)

2011-09-06 07:08:21

K13114 : Apache Range header vulnerability - CVE-2011-3192

2013-09-12 00:00:00

SOL13114 - Apache Range header vulnerability - CVE-2011-3192

2011-10-06 00:00:00

altlinux

Security fix for the ALT Linux 8 package apache2 version 2.2.20-alt1

2011-08-31 00:00:00

Security fix for the ALT Linux 10 package apache2 version 2.2.20-alt1

2011-08-31 00:00:00

Security fix for the ALT Linux 9 package apache2 version 2.2.20-alt1

2011-08-31 00:00:00

nessus

RHEL 5 : httpd (RHSA-2011:1294)

2013-01-24 00:00:00

openSUSE Security Update : apache2 (openSUSE-SU-2011:0993-1)

2014-06-13 00:00:00

F5 Networks BIG-IP : Apache Range header vulnerability (K13114)

2014-10-10 00:00:00

veracode

Denial Of Service (DoS)

2020-04-10 01:02:22

openvas

CentOS Update for httpd CESA-2011:1245 centos4 i386

2011-09-07 00:00:00

Slackware: Security Advisory (SSA:2011-252-01)

2012-09-10 00:00:00

RedHat Update for httpd RHSA-2011:1294-01

2011-09-16 00:00:00

fedora

[SECURITY] Fedora 16 Update: httpd-2.2.21-1.fc16

2011-09-30 19:07:35

[SECURITY] Fedora 15 Update: httpd-2.2.21-1.fc15

2011-09-16 01:58:28

amazon

Medium: httpd

2011-09-27 22:46:00

redhat

(RHSA-2011:1330) Important: JBoss Enterprise Web Server 1.0.2 security update

2011-09-21 16:00:45

(RHSA-2011:1369) Important: httpd security update

2011-10-13 00:00:00

(RHSA-2011:1329) Important: httpd and httpd22 security update

2011-09-21 00:00:00

debian

[BSA-049] Security Update for apache2

2011-09-06 02:06:51

[SECURITY] [DSA 2298-2] apache2 regression fix

2011-09-05 19:20:44

[SECURITY] [DSA 2298-2] apache2 regression fix

2011-09-05 19:20:44

hackerone

Gratipay: grtp.co is vulnerable to http-vuln-cve2011-3192

2016-01-25 13:01:41

ownCloud: Apache Range Header Denial of Service Attack (Confirmed PoC)

2015-09-14 22:55:12

U.S. Dept Of Defense: Out-of-date Version (Apache)

2016-11-24 15:09:27

ibm

Security Bulletin: API Connect is affected by an Apache HTTP Server vulnerability (CVE-2011-3192)

2018-06-15 07:07:54

Security Bulletin: Potential security exposure with IBM HTTP Server 8.0 and earlier (PM46234) (CVE-2011-3192)

2022-09-08 00:26:26

exploitpack

Apache - Denial of Service

2011-12-09 00:00:00

cert

Apache HTTPD 1.3/2.x Range header DoS vulnerability

2011-08-26 00:00:00

httpd

Apache Httpd < 2.2.20 : Range header remote DoS

2011-08-20 00:00:00

Apache Httpd < 2.0.65 : Range header remote DoS

2011-08-20 00:00:00

freebsd

apache -- Range header DoS vulnerability

2011-08-24 00:00:00

packetstorm

Obehotel CMS Denial Of Service / SQL Injection

2013-08-26 00:00:00

Opolis.eu Secure Mail Blind SQL Injection / XSS / CSRF / DoS

2013-10-07 00:00:00

ProtonMail.ch Header Injection / CSRF

2014-05-30 00:00:00

oraclelinux

httpd security update

2011-08-31 00:00:00

httpd security and bug fix update

2011-10-20 00:00:00

securityvulns

Cisco Security Advisory: Apache HTTPd Range Header Denial of Service Vulnerability

2011-08-30 00:00:00

Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x (CVE-2011-3192)

2011-08-27 00:00:00

Multiple HTTP servers DoS

2011-10-20 00:00:00

ubuntu

Apache vulnerability

2011-09-01 00:00:00

seebug

Apache HTTP Server Denial of Service

2014-07-01 00:00:00

Apache Range Header Denial Of Service

2011-12-09 00:00:00

Apache HTTP Server畸形Range选项处理远程拒绝服务漏洞

2011-08-26 00:00:00

checkpoint_advisories

Apache HTTPD Ranges Header Field Denial of Service (CVE-2011-3192)

2011-09-14 00:00:00

Apache HTTPD Ranges Header Field Denial of Service - ver 2 (CVE-2011-3192)

2010-02-25 00:00:00

checkpoint_security

Check Point Response to Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability

2011-08-24 21:00:00

zdt

Obehotel CMS SQL Injection Vulnerability

2013-08-27 00:00:00

cisa

Oracle Releases Security Alert for Oracle HTTP Server Products

2011-09-19 00:00:00

centos

httpd, mod_ssl security update

2011-09-01 11:41:08

httpd, mod_ssl security update

2011-10-20 21:19:56

slackware

[slackware-security] httpd

2011-09-09 14:05:46

[slackware-security] httpd

2011-10-14 23:59:50

debiancve

CVE-2011-3192

2011-08-29 15:55:00

cve

CVE-2011-3192

2011-08-29 15:55:00

CVE-2014-5329

2023-09-08 03:15:00

prion

Race condition

2023-09-08 03:15:00

Code injection

2011-08-29 15:55:00

ubuntucve

CVE-2011-3192

2011-08-29 00:00:00

osv

apache2 - denial of service

2011-09-05 00:00:00

jvn

JVN#23809730: GIGAPOD vulnerable to denial-of-service (DoS)

2014-10-16 00:00:00

exploitdb

Apache - Denial of Service

2011-12-09 00:00:00

nmap

http-vuln-cve2011-3192 NSE Script

2011-08-29 21:42:57

attackerkb

CVE-2011-3192

2011-08-29 00:00:00

kaspersky

KLA10065 Multiple vulnerabilities in Apache httpd

2013-07-22 00:00:00

gentoo

Apache HTTP Server: Multiple vulnerabilities

2012-06-24 00:00:00

oracle

Oracle Critical Patch Update - October 2011

2011-10-18 00:00:00

Oracle Critical Patch Update - January 2012

2012-01-17 00:00:00

Oracle Critical Patch Update - July 2012

2012-07-17 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

0.966 High

EPSS

Percentile

99.5%

JSON

Related for SUSE-SU-2011:1007-1