⚠ Exploited in the wild

Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2011-3192 — Uncontrolled Resource Consumption in Apache Http Server

CWE-400 — Uncontrolled Resource Consumption15 documents12 sources

Severity

7.8HIGHNVD

EPSS

90.5%

top 0.39%

CISA KEV

Not in KEV

Exploit

Exploited in wild

Active exploitation observed

Affected products

Apache Http Server Tripodworks CO LTD Gigapod 2010 Gigapod 3 Appliance Model Tripodworks CO LTD Gigapod 2010 Gigapod 3 Software Model +5 more

Timeline

PublishedAug 29

Latest updateMay 13

Description

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages7 packages

▶NVDapache/http_server2.0.35 — 2.0.65+1

▶NVDsuse/linux_enterprise_server10, 11+1

▶NVDopensuse/opensuse11.3, 11.4+1

▶NVDsuse/linux_enterprise_software_development_kit10, 11+1

▶CVEListV5tripodworks_co_ltd/gigapod_officehard_appliance_modelversions 3.04.03 and earlier

Also affects: Ubuntu Linux 10.04, 10.10, 11.04, 8.04

🔴Vulnerability Details

GHSA

GHSA-r3pv-69hm-fcjw: The byterange filter in the Apache HTTP Server 1↗2022-05-13

▶

OSV

CVE-2011-3192: The byterange filter in the Apache HTTP Server 1↗2011-08-29

▶

CVEList

CVE-2011-3192: The byterange filter in the Apache HTTP Server 1↗2011-08-29

▶

VulnCheck

Apache HTTP Server Uncontrolled Resource Consumption↗2011

▶

💥Exploits & PoCs

Exploit-DB

Apache - Denial of Service↗2011-12-09

▶

Exploit-DB

Apache - Remote Memory Exhaustion (Denial of Service)↗2011-08-19

▶

📋Vendor Advisories

Ubuntu

Apache vulnerability↗2011-09-01

▶

Red Hat

httpd: multiple ranges DoS↗2011-08-20

▶

Debian

CVE-2011-3192: apache2 - The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and ...↗2011

▶

Apache

Apache httpd: CVE-2011-3192↗

▶

💬Community

HackerOne

grtp.co is vulnerable to http-vuln-cve2011-3192↗2016-02-12

▶

Bugzilla

CVE-2011-3192 httpd: multiple ranges DoS [fedora-all]↗2011-08-25

▶

Bugzilla

CVE-2011-3192 httpd: multiple ranges DoS↗2011-08-24

▶