CVE-2011-3192

Published: Aug 29, 2011Modified: Apr 29, 2026

7.8

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability: 10.0 / Impact: 6.9

Source: NVD

Description

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.

Affected (16)

Products: Apache: Http Server · Opensuse: Opensuse · Suse: Linux Enterprise Server, Linux Enterprise Software Development Kit · +1 more

Show all products

Apache: Http Server · Opensuse: Opensuse · Suse: Linux Enterprise Server, Linux Enterprise Software Development Kit · Canonical: Ubuntu Linux

1 product

1 product

2 products

Linux Enterprise Server

Linux Enterprise Software Development Kit

Canonical

1 product

Ubuntu Linux

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apache Http Server	From 2.0.35 to 2.0.65
Apache Http Server	From 2.2.0 to 2.2.20

Configuration B

10 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 11.3
Opensuse Opensuse	Version 11.4
Suse Linux Enterprise Server	Version 10 sp2
Suse Linux Enterprise Server	Version 10 sp3
Suse Linux Enterprise Server	Version 10 sp4
Suse Linux Enterprise Server	Version 11 sp1
Suse Linux Enterprise Server	Version 11 sp1
Suse Linux Enterprise Software Development Kit	Version 10 sp3
Suse Linux Enterprise Software Development Kit	Version 10 sp4
Suse Linux Enterprise Software Development Kit	Version 11 sp1

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 10.04
Canonical Ubuntu Linux	Version 10.10
Canonical Ubuntu Linux	Version 11.04
Canonical Ubuntu Linux	Version 8.04

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (144)

http://archives.neohapsis.com/archives/fulldisclosure/2011-08/0285.html

Source: secalert@redhat.com

Broken Link

http://blogs.oracle.com/security/entry/security_alert_for_cve_2011

Source: secalert@redhat.com

Broken Link

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

Source: secalert@redhat.com

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00006.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00009.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00010.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00011.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00008.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110824161640.122D387DD%40minotaur.apache.org%3e

Source: secalert@redhat.com

http://mail-archives.apache.org/mod_mbox/httpd-dev/201108.mbox/%3cCAAPSnn2PO-d-C4nQt_TES2RRWiZr7urefhTKPWBC1b+K1Dqc7g%40mail.gmail.com%3e

Source: secalert@redhat.com

http://marc.info/?l=bugtraq&m=131551295528105&w=2

Source: secalert@redhat.com

Issue TrackingMailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=131731002122529&w=2

Source: secalert@redhat.com

Issue TrackingMailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=132033751509019&w=2

Source: secalert@redhat.com

Issue TrackingMailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=133477473521382&w=2

Source: secalert@redhat.com

Issue TrackingMailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=133951357207000&w=2

Source: secalert@redhat.com

Issue TrackingMailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=134987041210674&w=2

Source: secalert@redhat.com

Issue TrackingMailing List

http://osvdb.org/74721

Source: secalert@redhat.com

Broken Link

http://seclists.org/fulldisclosure/2011/Aug/175

Source: secalert@redhat.com

ExploitMailing ListThird Party Advisory

http://secunia.com/advisories/45606

Source: secalert@redhat.com

Not ApplicableVendor Advisory

http://secunia.com/advisories/45937

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/46000

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/46125

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/46126

Source: secalert@redhat.com

Not Applicable

http://securitytracker.com/id?1025960

Source: secalert@redhat.com

Broken LinkThird Party AdvisoryVDB Entry

http://support.apple.com/kb/HT5002

Source: secalert@redhat.com

Third Party Advisory

http://www.apache.org/dist/httpd/Announcement2.2.html

Source: secalert@redhat.com

Broken Link

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b90d73.shtml

Source: secalert@redhat.com

Third Party Advisory

http://www.exploit-db.com/exploits/17696

Source: secalert@redhat.com

ExploitThird Party AdvisoryVDB Entry

http://www.gossamer-threads.com/lists/apache/dev/401638

Source: secalert@redhat.com

Third Party Advisory

http://www.kb.cert.org/vuls/id/405811

Source: secalert@redhat.com

Third Party AdvisoryUS Government Resource

http://www.mandriva.com/security/advisories?name=MDVSA-2011:130

Source: secalert@redhat.com

Broken Link

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

Source: secalert@redhat.com

Broken Link

http://www.oracle.com/technetwork/topics/security/alert-cve-2011-3192-485304.html

Source: secalert@redhat.com

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html

Source: secalert@redhat.com

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

Source: secalert@redhat.com

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html

Source: secalert@redhat.com

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2011-1245.html

Source: secalert@redhat.com

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2011-1294.html

Source: secalert@redhat.com

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2011-1300.html

Source: secalert@redhat.com

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2011-1329.html

Source: secalert@redhat.com

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2011-1330.html

Source: secalert@redhat.com

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2011-1369.html

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/bid/49303

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-1199-1

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=732928

Source: secalert@redhat.com

ExploitIssue TrackingThird Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/69396

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

Source: secalert@redhat.com

Third Party Advisory

https://issues.apache.org/bugzilla/show_bug.cgi?id=51714

Source: secalert@redhat.com

ExploitIssue TrackingVendor Advisory

https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14762

Source: secalert@redhat.com

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14824

Source: secalert@redhat.com

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18827

Source: secalert@redhat.com

Third Party Advisory

http://archives.neohapsis.com/archives/fulldisclosure/2011-08/0285.html