CVE-2011-3192

HIGH

Description

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.

References

http://archives.neohapsis.com/archives/fulldisclosure/2011-08/0285.html

http://blogs.oracle.com/security/entry/security_alert_for_cve_2011

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html

http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%[email protected]%3e

http://mail-archives.apache.org/mod_mbox/httpd-dev/201108.mbox/%[email protected].com%3e

http://marc.info/?l=bugtraq&m=131551295528105&w=2

http://marc.info/?l=bugtraq&m=131731002122529&w=2

http://marc.info/?l=bugtraq&m=132033751509019&w=2

http://marc.info/?l=bugtraq&m=133477473521382&w=2

http://marc.info/?l=bugtraq&m=133951357207000&w=2

http://marc.info/?l=bugtraq&m=134987041210674&w=2

http://osvdb.org/74721

http://seclists.org/fulldisclosure/2011/Aug/175

http://secunia.com/advisories/45606

http://secunia.com/advisories/45937

http://secunia.com/advisories/46000

http://secunia.com/advisories/46125

http://secunia.com/advisories/46126

http://securitytracker.com/id?1025960

http://support.apple.com/kb/HT5002

http://www.apache.org/dist/httpd/Announcement2.2.html

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b90d73.shtml

http://www.exploit-db.com/exploits/17696

http://www.gossamer-threads.com/lists/apache/dev/401638

http://www.kb.cert.org/vuls/id/405811

http://www.mandriva.com/security/advisories?name=MDVSA-2011:130

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

http://www.oracle.com/technetwork/topics/security/alert-cve-2011-3192-485304.html

http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html

http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html

http://www.redhat.com/support/errata/RHSA-2011-1245.html

http://www.redhat.com/support/errata/RHSA-2011-1294.html

http://www.redhat.com/support/errata/RHSA-2011-1300.html

http://www.redhat.com/support/errata/RHSA-2011-1329.html

http://www.redhat.com/support/errata/RHSA-2011-1330.html

http://www.redhat.com/support/errata/RHSA-2011-1369.html

http://www.securityfocus.com/bid/49303

http://www.ubuntu.com/usn/USN-1199-1

https://bugzilla.redhat.com/show_bug.cgi?id=732928

https://exchange.xforce.ibmcloud.com/vulnerabilities/69396

https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

https://issues.apache.org/bugzilla/show_bug.cgi?id=51714

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14762

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14824

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18827

Details

Source: MITRE

Published: 2011-08-29

Updated: 2021-03-30

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.30:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.31:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.32:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.33:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.34:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.35:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.36:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.37:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.38:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.39:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.41:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.42:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.65:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.68:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.32:beta:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.34:beta:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.56:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.60:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.61:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.63:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.64:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*

Tenable Plugins

View all (35 total)

IDNameProductFamilySeverity
78262Amazon Linux AMI : httpd (ALAS-2011-1)NessusAmazon Linux Local Security Checks
high
78131F5 Networks BIG-IP : Apache Range header vulnerability (K13114)NessusF5 Networks Local Security Checks
high
77326Juniper NSM < 2012.2R9 Multiple Java and Apache Vulnerabilities (JSA10642)NessusMisc.
critical
75787openSUSE Security Update : apache2 (openSUSE-SU-2011:1217-1)NessusSuSE Local Security Checks
high
75786openSUSE Security Update : apache2 (openSUSE-SU-2011:0993-1)NessusSuSE Local Security Checks
high
75426openSUSE Security Update : apache2 (openSUSE-SU-2011:1217-1)NessusSuSE Local Security Checks
high
75425openSUSE Security Update : apache2 (openSUSE-SU-2011:0993-1)NessusSuSE Local Security Checks
high
69560Amazon Linux AMI : httpd (ALAS-2011-01)NessusAmazon Linux Local Security Checks
high
68914Apache 2.0.x < 2.0.65 Multiple VulnerabilitiesNessusWeb Servers
medium
68342Oracle Linux 4 / 5 / 6 : httpd (ELSA-2011-1245)NessusOracle Linux Local Security Checks
high
63998RHEL 5 / 6 : httpd (RHSA-2011:1294)NessusRed Hat Local Security Checks
high
61126Scientific Linux Security Update : httpd on SL4.x, SL5.x, SL6.x i386/x86_64NessusScientific Linux Local Security Checks
high
59678GLSA-201206-25 : Apache HTTP Server: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
58811HP System Management Homepage < 7.0 Multiple VulnerabilitiesNessusWeb Servers
critical
57607IBM WebSphere Application Server 6.1 < 6.1.0.41 Multiple VulnerabilitiesNessusWeb Servers
critical
57155SuSE 10 Security Update : Apache (ZYPP Patch Number 7722)NessusSuSE Local Security Checks
high
57089SuSE 11.1 Security Update : Apache2 (SAT Patch Number 5344)NessusSuSE Local Security Checks
high
57088SuSE 11.1 Security Update : Apache (SAT Patch Number 5090)NessusSuSE Local Security Checks
high
56600SuSE 10 Security Update : Apache (ZYPP Patch Number 7721)NessusSuSE Local Security Checks
high
6039Mac OS X 10.7 < 10.7.2 Multiple VulnerabilitiesNessus Network MonitorGeneric
critical
56481Mac OS X Multiple Vulnerabilities (Security Update 2011-006)NessusMacOS X Local Security Checks
critical
56480Mac OS X 10.7.x < 10.7.2 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
56359Fedora 16 : httpd-2.2.21-1.fc16 (2011-12667)NessusFedora Local Security Checks
high
56348IBM WebSphere Application Server 8.0 < Fix Pack 1 Multiple VulnerabilitiesNessusWeb Servers
high
56217Fedora 15 : httpd-2.2.21-1.fc15 (2011-12715)NessusFedora Local Security Checks
high
56142Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : httpd (SSA:2011-252-01)NessusSlackware Local Security Checks
high
56084Mandriva Linux Security Advisory : apache (MDVSA-2011:130-1)NessusMandriva Local Security Checks
high
56048Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : apache2 vulnerability (USN-1199-1)NessusUbuntu Local Security Checks
high
56046CentOS 4 : httpd (CESA-2011:1245)NessusCentOS Local Security Checks
high
56032RHEL 4 / 5 / 6 : httpd (RHSA-2011:1245)NessusRed Hat Local Security Checks
high
56017FreeBSD : apache -- Range header DoS vulnerability (7f6108d2-cea8-11e0-9d58-0800279895ea)NessusFreeBSD Local Security Checks
high
55998Debian DSA-2298-2 : apache2 - denial of serviceNessusDebian Local Security Checks
high
800584Apache 2.2 < 2.2.20 Multiple VulnerabilitiesLog Correlation EngineWeb Servers
high
6021Apache 2.2 < 2.2.20 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
high
55976Apache HTTP Server Byte Range DoSNessusWeb Servers
high