This script is Copyright (C) 2011-2012 Tenable Network Security, Inc.
The web server running on the remote host is affected by a
denial of service vulnerability.
The version of Apache HTTP Server running on the remote host is
affected by a denial of service vulnerability. Making a series of
HTTP requests with overlapping ranges in the Range or Request-Range
request headers can result in memory and CPU exhaustion. A remote,
unauthenticated attacker could exploit this to make the system
Exploit code is publicly available and attacks have reportedly been
observed in the wild.
See also :
Upgrade to Apache httpd 2.2.21 or later, or use one of the workarounds
in Apache's advisories for CVE-2011-3192. Version 2.2.20 fixed the
issue, but also introduced a regression.
If the host is running a web server based on Apache httpd, contact the
vendor for a fix.
Risk factor :
High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.4
Public Exploit Available : true