CVE-2011-3192 - Resource Exhaustion vulnerability in multiple products

CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Tags: apache, suse, opensuse, canonical, CWE-400, nessus, exploit available, metasploit

Summary

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.

Vulnerable Configurations

Part         Description  Count
Application  Apache       51
OS           Suse         8
OS           Opensuse     2
OS           Canonical    4

Common Attack Pattern Enumeration and Classification (CAPEC)

  • XML Ping of the Death
    An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
  • XML Entity Expansion
    An attacker submits an XML document to a target application where the XML document uses nested entity expansion to produce an excessively large output XML. XML allows the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.
  • Inducing Account Lockout
    An attacker leverages the security functionality of the system aimed at thwarting potential attacks to launch a denial of service attack against a legitimate system user. Many systems, for instance, implement a password throttling mechanism that locks an account after a certain number of incorrect log in attempts. An attacker can leverage this throttling mechanism to lock a legitimate user out of their own account. The weakness that is being leveraged by an attacker is the very security feature that has been put in place to counteract attacks.
  • Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS))
    XML Denial of Service (XDoS) can be applied to any technology that utilizes XML data. This is, of course, most distributed systems technology including Java, .Net, databases, and so on. XDoS is most closely associated with web services, SOAP, and Rest, because remote service requesters can post malicious XML payloads to the service provider designed to exhaust the service provider's memory, CPU, and/or disk space. The main weakness in XDoS is that the service provider generally must inspect, parse, and validate the XML messages to determine routing, workflow, security considerations, and so on. It is exactly these inspection, parsing, and validation routines that XDoS targets. There are three primary attack vectors that XDoS can navigate: (1) Target CPU through recursion: attacker creates a recursive payload and sends to service provider. (2) Target memory through jumbo payloads: service provider uses DOM to parse XML. DOM creates in memory representation of XML document, but when document is very large (for example, north of 1 Gb) service provider host may exhaust memory trying to build memory objects. (3) XML Ping of death: attack service provider with numerous small files that clog the system. All of the above attacks exploit the loosely coupled nature of web services, where the service provider has little to no control over the service requester and any messages the service requester sends.

Exploit-Db

  • description: Apache httpd Remote Denial of Service (memory exhaustion). CVE-2011-3192, CVE-2014-5329. Dos exploits for multiple platform
    file: exploits/multiple/dos/17696.pl
    id: EDB-ID:17696
    last seen: 2016-02-02
    modified: 2011-08-19
    platform: multiple
    port:
    published: 2011-08-19
    reporter: kingcope
    source: https://www.exploit-db.com/download/17696/
    title: Apache httpd Remote Denial of Service memory exhaustion
    type: dos
  • description: Apache HTTP Server Denial of Service. CVE-2011-3192, CVE-2014-5329. Dos exploit for linux platform
    id: EDB-ID:18221
    last seen: 2016-02-02
    modified: 2011-12-09
    published: 2011-12-09
    reporter: Ramon de C Valle
    source: https://www.exploit-db.com/download/18221/
    title: Apache HTTP Server Denial of Service

Metasploit

description: The byterange filter in the Apache HTTP Server 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, exploit called "Apache Killer"
id: MSF:AUXILIARY/DOS/HTTP/APACHE_RANGE_DOS
last seen: 2020-06-14
modified: 2020-05-12
published: 2011-09-23
references: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/http/apache_range_dos.rb
title: Apache Range Header DoS (Apache Killer)

Nessus

  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2011-1294.NASL
    description: Updated httpd packages that fix one security issue are now available for Red Hat Enterprise Linux 5.3 Long Life, 5.6 Extended Update Support, and 6.0 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially crafted Range header. (CVE-2011-3192) All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 63998
    published: 2013-01-24
    reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/63998
    title: RHEL 5 / 6 : httpd (RHSA-2011:1294)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2011:1294. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63998);
      script_version("1.16");
      script_cvs_date("Date: 2019/10/25 13:36:16");
    
      script_cve_id("CVE-2011-3192");
      script_bugtraq_id(49303);
      script_xref(name:"RHSA", value:"2011:1294");
    
      script_name(english:"RHEL 5 / 6 : httpd (RHSA-2011:1294)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated httpd packages that fix one security issue are now available
    for Red Hat Enterprise Linux 5.3 Long Life, 5.6 Extended Update
    Support, and 6.0 Extended Update Support.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. A Common Vulnerability Scoring System
    (CVSS) base score, which gives a detailed severity rating, is
    available from the CVE link in the References section.
    
    The Apache HTTP Server is a popular web server.
    
    A flaw was found in the way the Apache HTTP Server handled Range HTTP
    headers. A remote attacker could use this flaw to cause httpd to use
    an excessive amount of memory and CPU time via HTTP requests with a
    specially crafted Range header. (CVE-2011-3192)
    
    All httpd users should upgrade to these updated packages, which
    contain a backported patch to correct this issue. After installing the
    updated packages, the httpd daemon must be restarted for the update to
    take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2011-3192.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://rhn.redhat.com/errata/RHSA-2011-1294.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-manual");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_ssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/09/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    flag = 0;
    if (rpm_check(release:"RHEL5", sp:"3", cpu:"i386", reference:"httpd-2.2.3-22.el5_3.3")) flag++;
    if (rpm_check(release:"RHEL5", sp:"3", cpu:"x86_64", reference:"httpd-2.2.3-22.el5_3.3")) flag++;
    if (rpm_check(release:"RHEL5", sp:"3", cpu:"i386", reference:"httpd-devel-2.2.3-22.el5_3.3")) flag++;
    if (rpm_check(release:"RHEL5", sp:"3", cpu:"x86_64", reference:"httpd-devel-2.2.3-22.el5_3.3")) flag++;
    if (rpm_check(release:"RHEL5", sp:"3", cpu:"i386", reference:"httpd-manual-2.2.3-22.el5_3.3")) flag++;
    if (rpm_check(release:"RHEL5", sp:"3", cpu:"x86_64", reference:"httpd-manual-2.2.3-22.el5_3.3")) flag++;
    if (rpm_check(release:"RHEL5", sp:"3", cpu:"i386", reference:"mod_ssl-2.2.3-22.el5_3.3")) flag++;
    if (rpm_check(release:"RHEL5", sp:"3", cpu:"x86_64", reference:"mod_ssl-2.2.3-22.el5_3.3")) flag++;
    
    if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"httpd-2.2.3-45.el5_6.2")) flag++;
    if (rpm_check(release:"RHEL5", sp:"6", cpu:"s390x", reference:"httpd-2.2.3-45.el5_6.2")) flag++;
    if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"httpd-2.2.3-45.el5_6.2")) flag++;
    if (rpm_check(release:"RHEL5", sp:"6", reference:"httpd-devel-2.2.3-45.el5_6.2")) flag++;
    if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"httpd-manual-2.2.3-45.el5_6.2")) flag++;
    if (rpm_check(release:"RHEL5", sp:"6", cpu:"s390x", reference:"httpd-manual-2.2.3-45.el5_6.2")) flag++;
    if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"httpd-manual-2.2.3-45.el5_6.2")) flag++;
    if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"mod_ssl-2.2.3-45.el5_6.2")) flag++;
    if (rpm_check(release:"RHEL5", sp:"6", cpu:"s390x", reference:"mod_ssl-2.2.3-45.el5_6.2")) flag++;
    if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"mod_ssl-2.2.3-45.el5_6.2")) flag++;
    
    if (rpm_check(release:"RHEL6", cpu:"i686", reference:"httpd-2.2.15-5.el6_0.1")) flag++;
    if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"httpd-2.2.15-5.el6_0.1")) flag++;
    if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"httpd-2.2.15-5.el6_0.1")) flag++;
    if (rpm_check(release:"RHEL6", reference:"httpd-debuginfo-2.2.15-5.el6_0.1")) flag++;
    if (rpm_check(release:"RHEL6", reference:"httpd-devel-2.2.15-5.el6_0.1")) flag++;
    if (rpm_check(release:"RHEL6", reference:"httpd-manual-2.2.15-5.el6_0.1")) flag++;
    if (rpm_check(release:"RHEL6", cpu:"i686", reference:"httpd-tools-2.2.15-5.el6_0.1")) flag++;
    if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"httpd-tools-2.2.15-5.el6_0.1")) flag++;
    if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"httpd-tools-2.2.15-5.el6_0.1")) flag++;
    if (rpm_check(release:"RHEL6", cpu:"i686", reference:"mod_ssl-2.2.15-5.el6_0.1")) flag++;
    if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"mod_ssl-2.2.15-5.el6_0.1")) flag++;
    if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_ssl-2.2.15-5.el6_0.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2011-1392.NASL
    description: Updated httpd packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. (CVE-2011-3368) Red Hat would like to thank Context Information Security for reporting this issue. This update also fixes the following bug : * The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update introduced regressions in the way httpd handled certain Range HTTP header values. This update corrects those regressions. (BZ#736593, BZ#736594) All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 56579
    published: 2011-10-21
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/56579
    title: RHEL 4 / 5 : httpd (RHSA-2011:1392)
  • NASL family: Web Servers
    NASL id: WEBSPHERE_8_0_0_1.NASL
    description: IBM WebSphere Application Server 8.0 before Fix Pack 1 appears to be running on the remote host and is potentially affected by the following vulnerabilities : - An open redirect vulnerability exists related to the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 56348
    published: 2011-09-30
    reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/56348
    title: IBM WebSphere Application Server 8.0 < Fix Pack 1 Multiple Vulnerabilities
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2011-168.NASL
    description: A vulnerability has been discovered and corrected in apache : The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary error state in the backend server) via a malformed HTTP request (CVE-2011-3348). The fix for CVE-2011-3192 provided by the MDVSA-2011:130 advisory introduced regressions in the way httpd handled certain Range HTTP header values. The updated packages have been patched to correct these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 56764
    published: 2011-11-10
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/56764
    title: Mandriva Linux Security Advisory : apache (MDVSA-2011:168)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20111020_HTTPD_ON_SL6_X.NASL
    description: The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. (CVE-2011-3368) It was discovered that mod_proxy_ajp incorrectly returned an
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 61161
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/61161
    title: Scientific Linux Security Update : httpd on SL6.x i386/x86_64
  • NASL family: Web Servers
    NASL id: APACHE_RANGE_DOS.NASL
    description: The version of Apache HTTP Server running on the remote host is affected by a denial of service vulnerability. Making a series of HTTP requests with overlapping ranges in the Range or Request-Range request headers can result in memory and CPU exhaustion. A remote, unauthenticated attacker could exploit this to make the system unresponsive. Exploit code is publicly available and attacks have reportedly been observed in the wild.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 55976
    published: 2011-08-25
    reporter: This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/55976
    title: Apache HTTP Server Byte Range DoS
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201206-25.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201206-25 (Apache HTTP Server: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Apache HTTP Server. Please review the CVE identifiers referenced below for details. Impact : A remote attacker might obtain sensitive information, gain privileges, send requests to unintended servers behind proxies, bypass certain security restrictions, obtain the values of HTTPOnly cookies, or cause a Denial of Service in various ways. A local attacker could gain escalated privileges. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 59678
    published: 2012-06-25
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/59678
    title: GLSA-201206-25 : Apache HTTP Server: Multiple vulnerabilities
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_10_7_2.NASL
    description: The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.2. This version contains numerous security-related fixes for the following components : - Apache - Application Firewall - ATS - BIND - Certificate Trust Policy - CFNetwork - CoreMedia - CoreProcesses - CoreStorage - File Systems - iChat Server - Kernel - libsecurity - Open Directory - PHP - python - QuickTime - SMB File Server - X11
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 56480
    published: 2011-10-13
    reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/56480
    title: Mac OS X 10.7.x < 10.7.2 Multiple Vulnerabilities
  • NASL family: Web Servers
    NASL id: HPSMH_7_0_0_24.NASL
    description: According to the web server
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 58811
    published: 2012-04-20
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/58811
    title: HP System Management Homepage < 7.0 Multiple Vulnerabilities
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2011-1392.NASL
    description: Updated httpd packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. (CVE-2011-3368) Red Hat would like to thank Context Information Security for reporting this issue. This update also fixes the following bug : * The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update introduced regressions in the way httpd handled certain Range HTTP header values. This update corrects those regressions. (BZ#736593, BZ#736594) All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 56570
    published: 2011-10-21
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/56570
    title: CentOS 4 / 5 : httpd (CESA-2011:1392)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2012-0542.NASL
    description: Updated httpd packages that fix multiple security issues and one bug are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Apache HTTP Server (
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78923
    published: 2014-11-08
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78923
    title: RHEL 5 / 6 : JBoss Web Server (RHSA-2012:0542)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2011-1391.NASL
    description: Updated httpd packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. (CVE-2011-3368) It was discovered that mod_proxy_ajp incorrectly returned an
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 56578
    published: 2011-10-21
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/56578
    title: RHEL 6 : httpd (RHSA-2011:1391)
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2011-252-01.NASL
    description: Not long ago, httpd package updates were issued to clamp down on a denial of service bug that
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 56142
    published: 2011-09-12
    reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/56142
    title: Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : httpd (SSA:2011-252-01)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20110831_HTTPD_ON_SL4_X.NASL
    description: The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially crafted Range header. (CVE-2011-3192) All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 61126
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/61126
    title: Scientific Linux Security Update : httpd on SL4.x, SL5.x, SL6.x i386/x86_64
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_4_APACHE2-111026.NASL
    description: This update fixes several security issues in the Apache webserver. The patch for the ByteRange remote denial of service attack (CVE-2011-3192) was refined and the configuration options used by upstream were added. Introduce new config option: Allow MaxRanges Number of ranges requested, if exceeded, the complete content is served. default: 200 0|unlimited: unlimited none: Range headers are ignored. This option is a backport from 2.2.21. Also fixed: CVE-2011-3348: Denial of service in proxy_ajp when using an undefined method. CVE-2011-3368: Exposure of internal servers via reverse proxy methods with mod_proxy enabled and incorrect Rewrite or Proxy Rules.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 75787
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/75787
    title: openSUSE Security Update : apache2 (openSUSE-SU-2011:1217-1)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2011-1391.NASL
    description: From Red Hat Security Advisory 2011:1391 : Updated httpd packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. (CVE-2011-3368) It was discovered that mod_proxy_ajp incorrectly returned an
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 68376
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/68376
    title: Oracle Linux 6 : httpd (ELSA-2011-1391)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_APACHE2-110831.NASL
    description: This update fixes a remote denial of service bug (memory exhaustion) in the Apache 2 HTTP server, that could be triggered by remote attackers using multiple overlapping Request Ranges. (CVE-2011-3192) It also fixes an issue in mod_dav, where the (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x allowed remote attackers to cause a denial of service (process crash) via a request that lacks a path. (CVE-2010-1452) Also following bugs were fixed : - recommend the default MPM (prefork) via Recommends: in .spec - apache not sending error 304 if mod_deflate is enabled. - take LimitRequestFieldsize config option into account when parsing headers from backend.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 57088
    published: 2011-12-13
    reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/57088
    title: SuSE 11.1 Security Update : Apache (SAT Patch Number 5090)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1199-1.NASL
    description: A flaw was discovered in the byterange filter in Apache. A remote attacker could exploit this to cause a denial of service via resource exhaustion. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 56048
    published: 2011-09-02
    reporter: Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/56048
    title: Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : apache2 vulnerability (USN-1199-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20111020_HTTPD_ON_SL4_X.NASL
    descriptionThe Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. (CVE-2011-3368) This update also fixes the following bug : - The fix for CVE-2011-3192 provided by a previous update introduced regressions in the way httpd handled certain Range HTTP header values. This update corrects those regressions. All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id61160
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61160
    titleScientific Linux Security Update : httpd on SL4.x, SL5.x i386/x86_64
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-12667.NASL
    descriptionThis update contains the latest stable release of the Apache HTTP Server. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id56359
    published2011-10-03
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56359
    titleFedora 16 : httpd-2.2.21-1.fc16 (2011-12667)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2011-1.NASL
    descriptionThe Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially crafted Range header. (CVE-2011-3192) All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id78262
    published2014-10-12
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78262
    titleAmazon Linux AMI : httpd (ALAS-2011-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_APACHE2-7722.NASL
    descriptionThis update fixes a remote denial of service bug (memory exhaustion) in the Apache 2 HTTP server, that could be triggered by remote attackers using multiple overlapping Request Ranges. (CVE-2011-3192) It also fixes a bug where the LimitRequestFieldsize config option was not taken into account when parsing headers from the backend, thereby avoiding receiving buffers that are too small.
    last seen2020-06-01
    modified2020-06-02
    plugin id57155
    published2011-12-13
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57155
    titleSuSE 10 Security Update : Apache (ZYPP Patch Number 7722)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-1245.NASL
    descriptionFrom Red Hat Security Advisory 2011:1245 : Updated httpd packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially crafted Range header. (CVE-2011-3192) All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68342
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68342
    titleOracle Linux 4 / 5 / 6 : httpd (ELSA-2011-1245)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2011-130.NASL
    descriptionMultiple vulnerabilities have been discovered and corrected in apache : The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086 (CVE-2011-3192). The updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id56084
    published2011-09-06
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56084
    titleMandriva Linux Security Advisory : apache (MDVSA-2011:130-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2298.NASL
    descriptionTwo issues have been found in the Apache HTTPD web server : - CVE-2011-3192 A vulnerability has been found in the way the multiple overlapping ranges are handled by the Apache HTTPD server. This vulnerability allows an attacker to cause Apache HTTPD to use an excessive amount of memory, causing a denial of service. - CVE-2010-1452 A vulnerability has been found in mod_dav that allows an attacker to cause a daemon crash, causing a denial of service. This issue only affects the Debian 5.0 oldstable/lenny distribution.
    last seen2020-03-17
    modified2011-08-30
    plugin id55998
    published2011-08-30
    reporterThis script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55998
    titleDebian DSA-2298-2 : apache2 - denial of service
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_APACHE2-110831.NASL
    descriptionThis update fixes a remote denial of service bug (memory exhaustion) in the Apache 2 HTTP server, that could be triggered by remote attackers using multiple overlapping Request Ranges. (CVE-2011-3192)
    last seen2020-06-01
    modified2020-06-02
    plugin id75425
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75425
    titleopenSUSE Security Update : apache2 (openSUSE-SU-2011:0993-1)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL13114.NASL
    descriptionThe byte-range filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial-of-service (memory and CPU consumption) using a Range header that expresses multiple overlapping ranges. When this vulnerability is exploited, the httpd process consumes all available CPU cycles. As a result of CPU starvation, the Configuration utility, SSH sessions, and other userland processes may appear extremely slow or completely unresponsive. On BIG-IP systems, if the system hardware watchdog timer is not updated for more than 10 seconds, the hardware watchdog restarts the system. (CVE-2011-3192) Impact The performance of userland processes may be severely impaired, and the system may eventually reboot.
    last seen2020-06-01
    modified2020-06-02
    plugin id78131
    published2014-10-10
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78131
    titleF5 Networks BIG-IP : Apache Range header vulnerability (K13114)
  • NASL familyWeb Servers
    NASL idAPACHE_2_0_65.NASL
    descriptionAccording to its banner, the version of Apache 2.0.x running on the remote host is prior to 2.0.65. It is, therefore, affected by several vulnerabilities : - A flaw exists in the byte-range filter, making it vulnerable to denial of service. (CVE-2011-3192) - A flaw exists in
    last seen2020-06-01
    modified2020-06-02
    plugin id68914
    published2013-07-16
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68914
    titleApache 2.0.x < 2.0.65 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_APACHE2-111026.NASL
    descriptionThis update brings Apache to version 2.2.12. The main reason is the enablement of the Server Name Indication (SNI) that allows several SSL-enabled domains on one IP address (FATE#311973). See the SSLStrictSNIVHostCheck directive as documented in /usr/share/apache2/manual/mod/mod_ssl.html.en Also the patch for the ByteRange remote denial of service attack (CVE-2011-3192) was refined and the configuration options used by upstream were added. Introduce new config option: Allow MaxRanges. Number of ranges requested, if exceeded, the complete content is served. default: 200; 0|unlimited: unlimited; none: Range headers are ignored. This option is a backport from 2.2.21. Also fixed were - Denial of service in proxy_ajp when using an undefined method. (CVE-2011-3348) - Exposure of internal servers via reverse proxy methods with mod_proxy enabled and incorrect Rewrite or Proxy Rules. This update also includes a newer apache2-vhost-ssl.template, which disables SSLv2, and allows SSLv3 and strong ciphers only. Please note that existing vhosts will not be converted. (CVE-2011-3368)
    last seen2020-06-01
    modified2020-06-02
    plugin id57089
    published2011-12-13
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57089
    titleSuSE 11.1 Security Update : Apache2 (SAT Patch Number 5344)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-1392.NASL
    descriptionFrom Red Hat Security Advisory 2011:1392 : Updated httpd packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. (CVE-2011-3368) Red Hat would like to thank Context Information Security for reporting this issue. This update also fixes the following bug : * The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update introduced regressions in the way httpd handled certain Range HTTP header values. This update corrects those regressions. (BZ#736593, BZ#736594) All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68377
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68377
    titleOracle Linux 4 / 5 : httpd (ELSA-2011-1392)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2011-1245.NASL
    descriptionUpdated httpd packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially crafted Range header. (CVE-2011-3192) All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id56046
    published2011-09-02
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56046
    titleCentOS 4 : httpd (CESA-2011:1245)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_7F6108D2CEA811E09D580800279895EA.NASL
    descriptionApache HTTP server project reports : A denial of service vulnerability has been found in the way the multiple overlapping ranges are handled by Apache HTTPD server.
    last seen2020-06-01
    modified2020-06-02
    plugin id56017
    published2011-08-31
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56017
    titleFreeBSD : apache -- Range header DoS vulnerability (7f6108d2-cea8-11e0-9d58-0800279895ea)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2011-01.NASL
    descriptionThe MITRE CVE database describes CVE-2011-3192 as : The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
    last seen2020-06-01
    modified2020-06-02
    plugin id69560
    published2013-09-04
    reporterThis script is Copyright (C) 2013-2015 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69560
    titleAmazon Linux AMI : httpd (ALAS-2011-01)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2011-006.NASL
    descriptionThe remote host is running a version of Mac OS X 10.6 that does not have Security Update 2011-006 applied. This update contains numerous security-related fixes for the following components : - Apache - Application Firewall - ATS - BIND - Certificate Trust Policy - CFNetwork - CoreFoundation - CoreMedia - File Systems - IOGraphics - iChat Server - Mailman - MediaKit - PHP - postfix - python - QuickTime - Tomcat - User Documentation - Web Server - X11
    last seen2020-06-01
    modified2020-06-02
    plugin id56481
    published2011-10-13
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56481
    titleMac OS X Multiple Vulnerabilities (Security Update 2011-006)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-1245.NASL
    descriptionUpdated httpd packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially crafted Range header. (CVE-2011-3192) All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id56032
    published2011-09-01
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56032
    titleRHEL 4 / 5 / 6 : httpd (RHSA-2011:1245)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_APACHE2-111026.NASL
    descriptionThis update fixes several security issues in the Apache webserver. The patch for the ByteRange remote denial of service attack (CVE-2011-3192) was refined and the configuration options used by upstream were added. Introduce new config option: Allow MaxRanges. Number of ranges requested, if exceeded, the complete content is served. default: 200; 0|unlimited: unlimited; none: Range headers are ignored. This option is a backport from 2.2.21. Also fixed: CVE-2011-3348: Denial of service in proxy_ajp when using an undefined method. CVE-2011-3368: Exposure of internal servers via reverse proxy methods with mod_proxy enabled and incorrect Rewrite or Proxy Rules.
    last seen2020-06-01
    modified2020-06-02
    plugin id75426
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75426
    titleopenSUSE Security Update : apache2 (openSUSE-SU-2011:1217-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_APACHE2-7721.NASL
    descriptionThis update fixes a remote denial of service bug (memory exhaustion) in the Apache 2 HTTP server, that could be triggered by remote attackers using multiple overlapping Request Ranges. (CVE-2011-3192) It also fixes some non-security bugs : - take LimitRequestFieldsize config option into account when parsing headers from backend. Thereby avoid that the receiving buffers are too small. bnc#690734. - add / when on a directory to feed correctly linked listings. bnc#661597: * a2enmod shalt not disable a module in query mode. bnc#663359 - New option SSLRenegBufferSize fixes
    last seen2020-06-01
    modified2020-06-02
    plugin id56600
    published2011-10-24
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56600
    titleSuSE 10 Security Update : Apache (ZYPP Patch Number 7721)
  • NASL familyWeb Servers
    NASL idWEBSPHERE_6_1_0_41.NASL
    descriptionIBM WebSphere Application Server 6.1 before Fix Pack 41 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities : - A cross-site scripting vulnerability via vectors related to web messaging. (CVE-2011-5065) - A cross-site scripting vulnerability in the Installation Verification Test (IVT) in the Install component. (CVE-2011-1362) - The SibRaRecoverableSiXaResource class in the Default Messaging Component does not properly handle a Service Integration Bus (SIB) dump operation involving the Failure Data Capture (FFDC) introspection code. This can allow local users to obtain sensitive information by reading the FFDC log file. (CVE-2011-5066) - A directory traversal vulnerability in the administration console that allows remote attackers to read arbitrary files on the host. (CVE-2011-1359) - A potential Denial of Service with malicious range requests. (CVE-2011-3192) - An unspecified vulnerability in the Web Services Security component when enabling WS-Security for a JAX-WS application. (CVE-2011-1377)
    last seen2020-06-01
    modified2020-06-02
    plugin id57607
    published2012-01-19
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57607
    titleIBM WebSphere Application Server 6.1 < 6.1.0.41 Multiple Vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-12715.NASL
    descriptionThis update includes the latest stable release of the Apache HTTP Server, version 2.2.21. Two security issues have been fixed : mod_proxy_ajp when combined with mod_proxy_balancer: Prevents unrecognized HTTP methods from marking ajp: balancer members in an error state, avoiding denial of service. (CVE-2011-3348) Fixes to the handling of byte-range requests to use less memory, to avoid denial of service. (CVE-2011-3192) A number of bugs have been fixed as well. See : http://www.apache.org/dist/httpd/CHANGES_2.2.21 http://www.apache.org/dist/httpd/CHANGES_2.2.20 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id56217
    published2011-09-16
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56217
    titleFedora 15 : httpd-2.2.21-1.fc15 (2011-12715)
  • NASL familyMisc.
    NASL idJUNIPER_NSM_JSA10642.NASL
    descriptionThe remote host has one or more instances of NSM (Network and Security Manager) Server running, with version(s) prior to 2012.2R9. It is, therefore, affected by multiple vulnerabilities related to its Java and Apache installations.
    last seen2020-06-01
    modified2020-06-02
    plugin id77326
    published2014-08-22
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77326
    titleJuniper NSM < 2012.2R9 Multiple Java and Apache Vulnerabilities (JSA10642)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_APACHE2-110831.NASL
    descriptionThis update fixes a remote denial of service bug (memory exhaustion) in the Apache 2 HTTP server, that could be triggered by remote attackers using multiple overlapping Request Ranges. (CVE-2011-3192)
    last seen2020-06-01
    modified2020-06-02
    plugin id75786
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75786
    titleopenSUSE Security Update : apache2 (openSUSE-SU-2011:0993-1)

Oval

  • accepted2015-04-20T04:00:41.492-04:00
    classvulnerability
    contributors
    • nameYamini Mohan R
      organizationHewlett-Packard
    • nameSushant Kumar Singh
      organizationHewlett-Packard
    • namePrashant Kumar
      organizationHewlett-Packard
    • nameMike Cokus
      organizationThe MITRE Corporation
    descriptionThe byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
    familyunix
    idoval:org.mitre.oval:def:14762
    statusaccepted
    submitted2012-01-30T14:02:48.000-05:00
    titleHP-UX Apache Web Server, Remote Denial of Service (DoS)
    version49
  • accepted2015-04-20T04:00:42.506-04:00
    classvulnerability
    contributors
    • nameYamini Mohan R
      organizationHewlett-Packard
    • nameSushant Kumar Singh
      organizationHewlett-Packard
    • namePrashant Kumar
      organizationHewlett-Packard
    • nameMike Cokus
      organizationThe MITRE Corporation
    descriptionThe byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
    familyunix
    idoval:org.mitre.oval:def:14824
    statusaccepted
    submitted2012-01-30T13:51:11.000-05:00
    titleHP-UX Apache Web Server, Remote Denial of Service (DoS)
    version48
  • accepted2015-05-04T04:00:11.108-04:00
    classvulnerability
    contributors
    • nameSergey Artykhov
      organizationALTX-SOFT
    • nameMaria Mikhno
      organizationALTX-SOFT
    definition_extensions
    commentVisualSVN Server is installed
    ovaloval:org.mitre.oval:def:18636
    descriptionThe byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
    familywindows
    idoval:org.mitre.oval:def:18827
    statusaccepted
    submitted2013-10-02T13:00:00
    titleApache HTTP vulnerability 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 in VisualSVN Server (CVE-2011-3192)
    version8

Redhat

advisories
  • bugzilla
    id732928
    titleCVE-2011-3192 httpd: multiple ranges DoS
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • commenthttpd is earlier than 0:2.0.52-48.ent
            ovaloval:com.redhat.rhsa:tst:20111245001
          • commenthttpd is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060159006
        • AND
          • commenthttpd-devel is earlier than 0:2.0.52-48.ent
            ovaloval:com.redhat.rhsa:tst:20111245003
          • commenthttpd-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060159008
        • AND
          • commenthttpd-suexec is earlier than 0:2.0.52-48.ent
            ovaloval:com.redhat.rhsa:tst:20111245005
          • commenthttpd-suexec is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060159002
        • AND
          • commenthttpd-manual is earlier than 0:2.0.52-48.ent
            ovaloval:com.redhat.rhsa:tst:20111245007
          • commenthttpd-manual is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060159004
        • AND
          • commentmod_ssl is earlier than 1:2.0.52-48.ent
            ovaloval:com.redhat.rhsa:tst:20111245009
          • commentmod_ssl is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060159010
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commenthttpd is earlier than 0:2.2.3-53.el5_7.1
            ovaloval:com.redhat.rhsa:tst:20111245012
          • commenthttpd is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070556002
        • AND
          • commenthttpd-devel is earlier than 0:2.2.3-53.el5_7.1
            ovaloval:com.redhat.rhsa:tst:20111245014
          • commenthttpd-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070556006
        • AND
          • commentmod_ssl is earlier than 1:2.2.3-53.el5_7.1
            ovaloval:com.redhat.rhsa:tst:20111245016
          • commentmod_ssl is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070556008
        • AND
          • commenthttpd-manual is earlier than 0:2.2.3-53.el5_7.1
            ovaloval:com.redhat.rhsa:tst:20111245018
          • commenthttpd-manual is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070556004
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commenthttpd-manual is earlier than 0:2.2.15-9.el6_1.2
            ovaloval:com.redhat.rhsa:tst:20111245021
          • commenthttpd-manual is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111245022
        • AND
          • commenthttpd-devel is earlier than 0:2.2.15-9.el6_1.2
            ovaloval:com.redhat.rhsa:tst:20111245023
          • commenthttpd-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111245024
        • AND
          • commentmod_ssl is earlier than 1:2.2.15-9.el6_1.2
            ovaloval:com.redhat.rhsa:tst:20111245025
          • commentmod_ssl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111245026
        • AND
          • commenthttpd is earlier than 0:2.2.15-9.el6_1.2
            ovaloval:com.redhat.rhsa:tst:20111245027
          • commenthttpd is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111245028
        • AND
          • commenthttpd-tools is earlier than 0:2.2.15-9.el6_1.2
            ovaloval:com.redhat.rhsa:tst:20111245029
          • commenthttpd-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111245030
    rhsa
    idRHSA-2011:1245
    released2011-08-31
    severityImportant
    titleRHSA-2011:1245: httpd security update (Important)
  • bugzilla
    id: 732928
    title: CVE-2011-3192 httpd: multiple ranges DoS
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 5 is installed
        oval: oval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • comment: httpd-devel is earlier than 0:2.2.3-45.el5_6.2
            oval: oval:com.redhat.rhsa:tst:20111294001
          • comment: httpd-devel is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhsa:tst:20070556006
        • AND
          • comment: httpd is earlier than 0:2.2.3-45.el5_6.2
            oval: oval:com.redhat.rhsa:tst:20111294003
          • comment: httpd is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhsa:tst:20070556002
        • AND
          • comment: mod_ssl is earlier than 1:2.2.3-45.el5_6.2
            oval: oval:com.redhat.rhsa:tst:20111294005
          • comment: mod_ssl is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhsa:tst:20070556008
        • AND
          • comment: httpd-manual is earlier than 0:2.2.3-45.el5_6.2
            oval: oval:com.redhat.rhsa:tst:20111294007
          • comment: httpd-manual is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhsa:tst:20070556004
    rhsa
    id: RHSA-2011:1294
    released: 2011-09-14
    severity: Important
    title: RHSA-2011:1294: httpd security update (Important)
  • rhsa
    id: RHSA-2011:1300
  • rhsa
    id: RHSA-2011:1329
  • rhsa
    id: RHSA-2011:1330
  • rhsa
    id: RHSA-2011:1369
rpms
  • httpd-0:2.0.52-48.ent
  • httpd-0:2.2.15-9.el6_1.2
  • httpd-0:2.2.3-53.el5_7.1
  • httpd-debuginfo-0:2.0.52-48.ent
  • httpd-debuginfo-0:2.2.15-9.el6_1.2
  • httpd-debuginfo-0:2.2.3-53.el5_7.1
  • httpd-devel-0:2.0.52-48.ent
  • httpd-devel-0:2.2.15-9.el6_1.2
  • httpd-devel-0:2.2.3-53.el5_7.1
  • httpd-manual-0:2.0.52-48.ent
  • httpd-manual-0:2.2.15-9.el6_1.2
  • httpd-manual-0:2.2.3-53.el5_7.1
  • httpd-suexec-0:2.0.52-48.ent
  • httpd-tools-0:2.2.15-9.el6_1.2
  • mod_ssl-1:2.0.52-48.ent
  • mod_ssl-1:2.2.15-9.el6_1.2
  • mod_ssl-1:2.2.3-53.el5_7.1
  • httpd-0:2.2.15-5.el6_0.1
  • httpd-0:2.2.3-22.el5_3.3
  • httpd-0:2.2.3-45.el5_6.2
  • httpd-debuginfo-0:2.2.15-5.el6_0.1
  • httpd-debuginfo-0:2.2.3-22.el5_3.3
  • httpd-debuginfo-0:2.2.3-45.el5_6.2
  • httpd-devel-0:2.2.15-5.el6_0.1
  • httpd-devel-0:2.2.3-22.el5_3.3
  • httpd-devel-0:2.2.3-45.el5_6.2
  • httpd-manual-0:2.2.15-5.el6_0.1
  • httpd-manual-0:2.2.3-22.el5_3.3
  • httpd-manual-0:2.2.3-45.el5_6.2
  • httpd-tools-0:2.2.15-5.el6_0.1
  • mod_ssl-1:2.2.15-5.el6_0.1
  • mod_ssl-1:2.2.3-22.el5_3.3
  • mod_ssl-1:2.2.3-45.el5_6.2
  • httpd-0:2.0.46-78.ent
  • httpd-debuginfo-0:2.0.46-78.ent
  • httpd-devel-0:2.0.46-78.ent
  • mod_ssl-1:2.0.46-78.ent
  • httpd-0:2.2.17-13.2.ep5.el6
  • httpd-0:2.2.17-14.1.ep5.el5
  • httpd-debuginfo-0:2.2.17-13.2.ep5.el6
  • httpd-debuginfo-0:2.2.17-14.1.ep5.el5
  • httpd-devel-0:2.2.17-13.2.ep5.el6
  • httpd-devel-0:2.2.17-14.1.ep5.el5
  • httpd-manual-0:2.2.17-13.2.ep5.el6
  • httpd-manual-0:2.2.17-14.1.ep5.el5
  • httpd-tools-0:2.2.17-13.2.ep5.el6
  • httpd22-0:2.2.17-16.ep5.el4
  • httpd22-apr-0:2.2.17-16.ep5.el4
  • httpd22-apr-devel-0:2.2.17-16.ep5.el4
  • httpd22-apr-util-0:2.2.17-16.ep5.el4
  • httpd22-apr-util-devel-0:2.2.17-16.ep5.el4
  • httpd22-debuginfo-0:2.2.17-16.ep5.el4
  • httpd22-devel-0:2.2.17-16.ep5.el4
  • httpd22-manual-0:2.2.17-16.ep5.el4
  • mod_ssl-1:2.2.17-13.2.ep5.el6
  • mod_ssl-1:2.2.17-14.1.ep5.el5
  • mod_ssl22-1:2.2.17-16.ep5.el4
  • httpd-0:2.2.13-3.el5s2
  • httpd-debuginfo-0:2.2.13-3.el5s2
  • httpd-devel-0:2.2.13-3.el5s2
  • httpd-manual-0:2.2.13-3.el5s2
  • mod_ssl-1:2.2.13-3.el5s2

Seebug

  • bulletinFamily: exploit
    description: No description provided by source.
    id: SSV:26043
    last seen: 2017-11-19
    modified: 2011-12-09
    published: 2011-12-09
    reporter: Root
    source: https://www.seebug.org/vuldb/ssvid-26043
    title: Apache Range Header Denial Of Service
  • bulletinFamily: exploit
    description: No description provided by source.
    id: SSV:72403
    last seen: 2017-11-19
    modified: 2014-07-01
    published: 2014-07-01
    reporter: Root
    source: https://www.seebug.org/vuldb/ssvid-72403
    title: Apache HTTP Server Denial of Service
  • bulletinFamily: exploit
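    description: BUGTRAQ ID: 49303 CVE ID: CVE-2011-3192
      Apache HTTP Server is the Apache Software Foundation's open-source web server. It runs on most computer operating systems and, because of its cross-platform support and security, is widely used and is one of the most popular web server software packages.
      Apache HTTP Server has a flaw in the way it builds responses when processing the Range option. A remote attacker may exploit it by sending malicious requests that make the server stop responding, resulting in a denial of service.
      The flaw stems from how Apache HTTP Server handles a large number of overlapping range specifiers in the Range header option. Through specially crafted HTTP requests sent to the server, an attacker can exhaust system resources, causing Apache to stop responding and even exhausting operating system resources.
      Apache 2.x
      Apache 1.3
      Temporary workarounds:
      Until the vendor provides an official patch or a new software version, users are advised to adopt one of the following configurations to limit exposure to the vulnerability as far as possible:
      * Use the SetEnvIf directive to ignore malformed Range options; applies to Apache 2.0 and 2.2.
        Edit the Apache configuration file httpd.conf.
        Uncomment the following line:
          LoadModule headers_module modules/mod_headers.so
        Add the following configuration directives:
          SetEnvIf Range (,.*?){5,} bad-range=1
          RequestHeader unset Range env=bad-range
        Restart the Apache server.
      * Install and enable mod_rewrite and set a filter rule that rejects requests carrying a malformed Range option; applies to all versions of Apache.
        Edit the Apache configuration file httpd.conf.
        Uncomment the following line:
          LoadModule rewrite_module modules/mod_rewrite.so
        Add the following mod_rewrite rule lines:
          RewriteEngine on
          RewriteCond %{HTTP:range} !(^bytes=[^,]+(,[^,]+){0,4}$|^$)
          RewriteRule .* - [F]
        Restart the Apache server.
      Both configurations block requests whose Range option contains more than 5 range specifiers. In typical deployments this should have no effect on web applications; if the web application serves PDF data or streaming media, the threshold may need to be raised to a larger value.
      Vendor patch:
      Apache Group
      ------------
      The vendor has not yet provided a patch or upgrade. Users of this software are advised to watch the vendor's home page for the latest version: http://www.apache.org
    id: SSV:20899
    last seen: 2017-11-19
    modified: 2011-08-26
    published: 2011-08-26
    reporter: Root
    source: https://www.seebug.org/vuldb/ssvid-20899
    title: Apache HTTP Server Malformed Range Option Handling Remote Denial of Service Vulnerability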
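
The two workaround patterns in the SSV:20899 description can be checked offline before they are deployed. The following is an added example, not code from Seebug or the Apache project: it ports both regular expressions to Python and reports how each workaround would treat a Range value. The function names and the sample Range values are constructed for this example.

```python
import re

# Patterns copied verbatim from the two workarounds; all names are this example's own.
SETENVIF_BAD_RANGE = re.compile(r"(,.*?){5,}")
REWRITE_ALLOWED = re.compile(r"(^bytes=[^,]+(,[^,]+){0,4}$|^$)")


def make_ranges(n):
    """Constructed sample: a Range value with n non-overlapping 100-byte ranges."""
    return "bytes=" + ",".join(f"{i * 100}-{i * 100 + 99}" for i in range(n))


def setenvif_action(range_value):
    """SetEnvIf + RequestHeader unset: the header is dropped, the request is still served."""
    if range_value is not None and SETENVIF_BAD_RANGE.search(range_value):
        return "strip-range"
    return "pass"


def rewrite_action(range_value):
    """RewriteCond !(...) + RewriteRule [F]: 403 unless the header has the allowed shape."""
    value = range_value or ""  # an absent header is tested as the empty string
    return "pass" if REWRITE_ALLOWED.search(value) else "forbid"


SAMPLES = [
    ("no Range header", None),
    ("single range", make_ranges(1)),
    ("5 ranges (at threshold)", make_ranges(5)),
    ("6 ranges (over threshold)", make_ranges(6)),
    ("empty list element", "bytes=0-99,,200-299"),
    ("different letter case", "Bytes=0-499"),
]


def compare(samples=SAMPLES):
    """Return (label, SetEnvIf outcome, mod_rewrite outcome) for each sample."""
    return [(label, setenvif_action(v), rewrite_action(v)) for label, v in samples]


if __name__ == "__main__":
    for label, a, b in compare():
        print(f"{label:28} SetEnvIf={a:12} mod_rewrite={b}")
```

The SetEnvIf pattern only counts commas, while the mod_rewrite pattern also rejects any value that does not have the exact `bytes=` list shape, so the last two samples pass the first workaround and are refused by the second.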

References