This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.
The web server running on the remote host is affected by a
denial of service vulnerability.
The version of Apache HTTP Server running on the remote host is
affected by a denial of service vulnerability. Making a series of
HTTP requests with overlapping ranges in the Range or Request-Range
request headers can result in memory and CPU exhaustion. A remote,
unauthenticated attacker could exploit this to make the system
Exploit code is publicly available and attacks have reportedly been
observed in the wild.
See also :
Upgrade to Apache httpd 2.2.21 or later. Alternatively, apply one of
the workarounds in Apache's advisories for CVE-2011-3192. Version
2.2.20 fixed the issue, but it also introduced a regression.
If the host is running a web server based on Apache httpd, contact the
vendor for a fix.
Risk factor :
High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.1
Public Exploit Available : true