Apache HTTP Server Byte Range DoS

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.

Synopsis :

The web server running on the remote host is affected by a
denial of service vulnerability.

Description :

The version of Apache HTTP Server running on the remote host is
affected by a denial of service vulnerability. Making a series of
HTTP requests with overlapping ranges in the Range or Request-Range
request headers can result in memory and CPU exhaustion. A remote,
unauthenticated attacker could exploit this to make the system

Exploit code is publicly available and attacks have reportedly been
observed in the wild.
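
The following detection sketch is an added example, not part of the Nessus plugin or of Apache's advisories. It parses the Range and Request-Range headers named above and reports how many byte ranges a request asks for and how many of them overlap; the function names, the threshold of 5 ranges and the sample header are assumptions.

```python
import math
RANGE_HEADERS = ("range", "request-range")  # both headers named in the description
SAMPLE = {"Range": "bytes=0-99,50-149,100-199,150-249,200-299,250-349"}  # constructed input

def _num(text):
    if not text.isdigit():
        raise ValueError(f"bad byte offset: {text!r}")
    return int(text)

def parse_byte_ranges(value):
    """Parse 'bytes=a-b,c-,-n' into [(first, last)].
    Open-ended 'c-' gives (c, inf); suffix '-n' (last n bytes) gives (None, n)."""
    unit, sep, spec = value.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        raise ValueError("not a bytes range header")
    ranges = []
    for part in (p.strip() for p in spec.split(",") if p.strip()):
        first, dash, last = part.partition("-")
        if not dash:
            raise ValueError(f"bad range spec: {part!r}")
        if first == "":
            ranges.append((None, _num(last)))
        else:
            ranges.append((_num(first), _num(last) if last else math.inf))
    return ranges

def count_overlaps(ranges):
    """Count ranges that begin inside the span already covered by earlier ones."""
    spans = sorted((f, l) for f, l in ranges if f is not None and l >= f)
    overlaps, reach = 0, -1
    for first, last in spans:
        if first <= reach:
            overlaps += 1
        reach = max(reach, last)
    return overlaps

def assess_request(headers, max_ranges=5):
    """Return (range_count, overlaps, suspicious) for a dict of request headers."""
    total = overlaps = 0
    for name, value in headers.items():
        if name.lower() not in RANGE_HEADERS:
            continue
        try:
            ranges = parse_byte_ranges(value)
        except ValueError:
            continue  # malformed header: nothing to count here
        total += len(ranges)
        overlaps += count_overlaps(ranges)
    # Assumed policy: more than max_ranges ranges, or any overlap, is worth a look.
    return total, overlaps, total > max_ranges or overlaps > 0
```

Suffix ranges such as "-500" are counted but left out of the overlap check, because resolving them requires the size of the requested resource.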

Solution :

Upgrade to Apache httpd 2.2.21 or later. Alternatively, apply one of
the workarounds in Apache's advisories for CVE-2011-3192. Version
2.2.20 fixed the issue, but it also introduced a regression.

If the host is running a web server based on Apache httpd, contact the
vendor for a fix.

Risk factor :

High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.1
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 55976

Bugtraq ID: 49303

CVE ID: CVE-2011-3192
