Apache HTTP Server Byte Range DoS

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The web server running on the remote host is affected by a
denial of service vulnerability.

Description :

The version of Apache HTTP Server running on the remote host is
affected by a denial of service vulnerability. Making a series of
HTTP requests with overlapping ranges in the Range or Request-Range
request headers can result in memory and CPU exhaustion. A remote,
unauthenticated attacker could exploit this to make the system
unresponsive.

Exploit code is publicly available and attacks have reportedly been
observed in the wild.

See also :

http://archives.neohapsis.com/archives/fulldisclosure/2011-08/0203.html
http://www.gossamer-threads.com/lists/apache/dev/401638
http://www.nessus.org/u?404627ec
http://httpd.apache.org/security/CVE-2011-3192.txt
http://www.nessus.org/u?1538124a
http://www-01.ibm.com/support/docview.wss?uid=swg24030863

Solution :

Upgrade to Apache httpd 2.2.21 or later, or use one of the workarounds
in Apache's advisories for CVE-2011-3192. Version 2.2.20 fixed the
issue, but also introduced a regression.

If the host is running a web server based on Apache httpd, contact the
vendor for a fix.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 55976 ()

Bugtraq ID: 49303

CVE ID: CVE-2011-3192