CVE-2011-3192

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.

Published: Aug 29, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-3192
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

CWEs:

CWE-400

Affected Software
References

Software	From	Fixed in
apache / http_server	2.2.0	2.2.20
apache / http_server	2.0.35	2.0.65
suse / linux_enterprise_server	11-sp1	11-sp1.x
opensuse / opensuse	11.4	11.4.x
opensuse / opensuse	11.3	11.3.x
suse / linux_enterprise_software_development_kit	10-sp4	10-sp4.x
suse / linux_enterprise_software_development_kit	10-sp3	10-sp3.x
suse / linux_enterprise_server	10-sp4	10-sp4.x
suse / linux_enterprise_software_development_kit	11-sp1	11-sp1.x
suse / linux_enterprise_server	10-sp2	10-sp2.x
suse / linux_enterprise_server	10-sp3	10-sp3.x
canonical / ubuntu_linux	10.10	10.10.x
canonical / ubuntu_linux	11.04	11.04.x
canonical / ubuntu_linux	8.04	8.04.x
canonical / ubuntu_linux	10.04	10.04.x

Vulnerability Database

289,599

CVE-2011-3192