Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseSUSE-SU-2011:1216-1
HistoryNov 04, 2011 - 9:08 a.m.

Security update for Apache 2 (important)

2011-11-0409:08:32
lists.opensuse.org
91

0.966 High

EPSS

Percentile

99.5%

JSON

This update fixes a remote denial of service bug (memory
exhaustion) in the Apache 2 HTTP server, that could be
triggered by remote attackers using multiple overlapping
Request Ranges . (CVE-2011-3192)

The fix introduces a new config option: Allow MaxRanges
Number of ranges requested, if exceeded, the complete
content is served. default: 200 0|unlimited: unlimited
none: Range headers are ignored. (This option is a backport
from 2.2.21.)

It fixes also the minor security issue in the mod_cache
modules in the Apache HTTP Server that allowed remote
attackers to cause a denial of service (process crash) via
a request that lacks a path. (CVE-2010-1452)

It also fixes some non-security bugs: - take
LimitRequestFieldsize config option into account when
parsing headers from backend. Thereby avoid that the
receiving buffers are too small. bnc#690734. - add / when
on a directory to feed correctly linked listings.
bnc#661597 - a2enmod shalt not disable a module in query
mode. bnc#663359 - New option SSLRenegBufferSize fixes
"413 Request Entity Too Large occur" problem. - fixes
graceful restart hangs, bnc#555098.

Security Issues:

OSVersionArchitecturePackageVersionFilename
SUSE Linux Enterprise Server10.2x86_64apache2-worker<ย 2.2.3-16.25.40apache2-worker-2.2.3-16.25.40.x86_64.rpm
SUSE Linux Enterprise Server10.2s390xapache2-example-pages<ย 2.2.3-16.25.40apache2-example-pages-2.2.3-16.25.40.s390x.rpm
SUSE Linux Enterprise Server10.2i586apache2-prefork<ย 2.2.3-16.25.40apache2-prefork-2.2.3-16.25.40.i586.rpm
SUSE Linux Enterprise Server10.2s390xapache2-worker<ย 2.2.3-16.25.40apache2-worker-2.2.3-16.25.40.s390x.rpm
SUSE Linux Enterprise Server10.2x86_64apache2<ย 2.2.3-16.25.40apache2-2.2.3-16.25.40.x86_64.rpm
SUSE Linux Enterprise Server10.2x86_64apache2-doc<ย 2.2.3-16.25.40apache2-doc-2.2.3-16.25.40.x86_64.rpm
SUSE Linux Enterprise Server10.2i586apache2-doc<ย 2.2.3-16.25.40apache2-doc-2.2.3-16.25.40.i586.rpm
SUSE Linux Enterprise Server10.2i586apache2-example-pages<ย 2.2.3-16.25.40apache2-example-pages-2.2.3-16.25.40.i586.rpm
SUSE Linux Enterprise Server10.2s390xapache2<ย 2.2.3-16.25.40apache2-2.2.3-16.25.40.s390x.rpm
SUSE Linux Enterprise Server10.2x86_64apache2-devel<ย 2.2.3-16.25.40apache2-devel-2.2.3-16.25.40.x86_64.rpm
Rows per page:
1-10 of 181

Related

debian 5
nessus 46
suse 6
openvas 61
osv 1
ubuntucve 2
httpd 4
slackware 3
fedora 3
veracode 2
cve 3
debiancve 2
prion 3
freebsd 2
altlinux 6
hackerone 2
redhat 9
ibm 2
exploitpack 1
cert 1
packetstorm 3
cisa 1
checkpoint_advisories 2
zdt 1
checkpoint_security 1
f5 4
centos 3
seebug 3
threatpost 2
amazon 1
oraclelinux 3
securityvulns 4
ubuntu 2
jvn 1
exploitdb 1
nmap 1
attackerkb 1
gentoo 1
debian
debian
[SECURITY] [DSA 2298-1] apache2 security update
2011-08-29 21:16:25
[SECURITY] [DSA 2298-2] apache2 regression fix
2011-09-05 19:20:44
[SECURITY] [DSA 2298-2] apache2 regression fix
2011-09-05 19:20:44
nessus
nessus
Debian DSA-2298-2 : apache2 - denial of service
2011-08-30 00:00:00
SuSE 11.1 Security Update : Apache (SAT Patch Number 5090)
2011-12-13 00:00:00
Fedora 13 : httpd-2.2.16-1.fc13 (2010-12478)
2010-08-14 00:00:00
suse
suse
Security update for Apache (important)
2011-09-06 07:08:21
apache2: Fixed a remote denial of service via byte-ranges (important)
2011-09-02 18:08:23
Security update for Apache (important)
2011-09-06 18:08:19
openvas
openvas
Debian Security Advisory DSA 2298-1 (apache2)
2011-09-21 00:00:00
Debian Security Advisory DSA 2298-2 (apache2)
2011-09-21 00:00:00
Debian Security Advisory DSA 2298-2 (apache2)
2011-09-21 00:00:00
osv
osv
apache2 - denial of service
2011-09-05 00:00:00
ubuntucve
ubuntucve
CVE-2010-1452
2010-07-28 00:00:00
CVE-2011-3192
2011-08-29 00:00:00
httpd
httpd
Apache Httpd < 2.2.16 : mod_cache and mod_dav DoS
2010-05-04 00:00:00
Apache Httpd < 2.0.64 : mod_cache and mod_dav DoS
2010-05-04 00:00:00
Apache Httpd < 2.2.20 : Range header remote DoS
2011-08-20 00:00:00
slackware
slackware
[slackware-security] httpd
2010-08-28 16:52:27
[slackware-security] httpd
2011-09-09 14:05:46
[slackware-security] httpd
2011-10-14 23:59:50
fedora
fedora
[SECURITY] Fedora 13 Update: httpd-2.2.16-1.fc13
2010-08-13 21:20:54
[SECURITY] Fedora 16 Update: httpd-2.2.21-1.fc16
2011-09-30 19:07:35
[SECURITY] Fedora 15 Update: httpd-2.2.21-1.fc15
2011-09-16 01:58:28
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:47:09
Denial Of Service (DoS)
2020-04-10 01:02:22
cve
cve
CVE-2010-1452
2010-07-28 20:00:00
CVE-2014-5329
2023-09-08 03:15:00
CVE-2011-3192
2011-08-29 15:55:00
debiancve
debiancve
CVE-2010-1452
2010-07-28 20:00:00
CVE-2011-3192
2011-08-29 15:55:00
prion
prion
Path traversal
2010-07-28 20:00:00
Race condition
2023-09-08 03:15:00
Code injection
2011-08-29 15:55:00
freebsd
freebsd
apache -- Remote DoS bug in mod_cache and mod_dav
2010-07-21 00:00:00
apache -- Range header DoS vulnerability
2011-08-24 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package apache2 version 2.2.20-alt1
2011-08-31 00:00:00
Security fix for the ALT Linux 9 package apache2 version 2.2.20-alt1
2011-08-31 00:00:00
Security fix for the ALT Linux 8 package apache2 version 2.2.20-alt1
2011-08-31 00:00:00
hackerone
hackerone
Gratipay: grtp.co is vulnerable to http-vuln-cve2011-3192
2016-01-25 13:01:41
ownCloud: Apache Range Header Denial of Service Attack (Confirmed PoC)
2015-09-14 22:55:12
redhat
redhat
(RHSA-2011:1330) Important: JBoss Enterprise Web Server 1.0.2 security update
2011-09-21 16:00:45
(RHSA-2011:1369) Important: httpd security update
2011-10-13 00:00:00
(RHSA-2011:1245) Important: httpd security update
2011-08-31 00:00:00
ibm
ibm
Security Bulletin: API Connect is affected by an Apache HTTP Server vulnerability (CVE-2011-3192)
2018-06-15 07:07:54
Security Bulletin: Potential security exposure with IBM HTTP Server 8.0 and earlier (PM46234) (CVE-2011-3192)
2022-09-08 00:26:26
exploitpack
exploitpack
Apache - Denial of Service
2011-12-09 00:00:00
cert
cert
Apache HTTPD 1.3/2.x Range header DoS vulnerability
2011-08-26 00:00:00
packetstorm
packetstorm
Obehotel CMS Denial Of Service / SQL Injection
2013-08-26 00:00:00
Opolis.eu Secure Mail Blind SQL Injection / XSS / CSRF / DoS
2013-10-07 00:00:00
ProtonMail.ch Header Injection / CSRF
2014-05-30 00:00:00
cisa
cisa
Oracle Releases Security Alert for Oracle HTTP Server Products
2011-09-19 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache HTTPD Ranges Header Field Denial of Service (CVE-2011-3192)
2011-09-14 00:00:00
Apache HTTPD Ranges Header Field Denial of Service - ver 2 (CVE-2011-3192)
2010-02-25 00:00:00
zdt
zdt
Obehotel CMS SQL Injection Vulnerability
2013-08-27 00:00:00
checkpoint_security
checkpoint_security
Check Point Response to Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
2011-08-24 21:00:00
f5
f5
SOL13114 - Apache Range header vulnerability - CVE-2011-3192
2011-10-06 00:00:00
K13114 : Apache Range header vulnerability - CVE-2011-3192
2013-09-12 00:00:00
K15899 : Multiple Apache vulnerabilities CVE-2012-4558, CVE-2012-0883, CVE-2011-3348, and CVE-2010-1452
2014-12-08 00:00:00
centos
centos
httpd, mod_ssl security update
2011-09-01 11:41:08
httpd, mod_ssl security update
2010-08-31 21:00:21
httpd, mod_ssl security update
2011-10-20 21:19:56
seebug
seebug
Apache Range Header Denial Of Service
2011-12-09 00:00:00
Apache HTTP Server Denial of Service
2014-07-01 00:00:00
Apache HTTP Server็•ธๅฝขRange้€‰้กนๅค„็†่ฟœ็จ‹ๆ‹’็ปๆœๅŠกๆผๆดž
2011-08-26 00:00:00
threatpost
threatpost
Apache Fixes Range Header DoS Flaw
2011-08-31 10:30:00
Apache Releases Version 2.2.21 With New Fix For Range Header Flaw
2011-09-14 15:29:14
amazon
amazon
Medium: httpd
2011-09-27 22:46:00
oraclelinux
oraclelinux
httpd security update
2011-08-31 00:00:00
httpd security and bug fix update
2010-08-30 00:00:00
httpd security and bug fix update
2011-10-20 00:00:00
securityvulns
securityvulns
Cisco Security Advisory: Apache HTTPd Range Header Denial of Service Vulnerability
2011-08-30 00:00:00
Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x &#40;CVE-2011-3192&#41;
2011-08-27 00:00:00
Multiple HTTP servers DoS
2011-10-20 00:00:00
ubuntu
ubuntu
Apache vulnerability
2011-09-01 00:00:00
Apache vulnerabilities
2010-11-25 00:00:00
jvn
jvn
JVN#23809730: GIGAPOD vulnerable to denial-of-service (DoS)
2014-10-16 00:00:00
exploitdb
exploitdb
Apache - Denial of Service
2011-12-09 00:00:00
nmap
nmap
http-vuln-cve2011-3192 NSE Script
2011-08-29 21:42:57
attackerkb
attackerkb
CVE-2011-3192
2011-08-29 00:00:00
gentoo
gentoo
Apache HTTP Server: Multiple vulnerabilities
2012-06-24 00:00:00

0.966 High

EPSS

Percentile

99.5%

JSON
Related for SUSE-SU-2011:1216-1
debian5nessus46suse6openvas61osv1ubuntucve2httpd4slackware3fedora3veracode2cve3debiancve2prion3freebsd2altlinux6hackerone2redhat9ibm2exploitpack1cert1packetstorm3cisa1checkpoint_advisories2zdt1checkpoint_security1f54centos3seebug3threatpost2amazon1oraclelinux3securityvulns4ubuntu2jvn1exploitdb1nmap1attackerkb1gentoo1