CVE-2011-3192
Published 2011-08-29
high 7.8 CVSS 3.1
AV:N/AC:L/Au:N/C:N/I:N/A:C
ITW | EXPLOIT
Exploited in the wild
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | http_server | >= 2.0.35 < 2.0.65 | 2.0.65 |
| apache | http_server | >= 2.2.0 < 2.2.20 | 2.2.20 |
| apache | httpd | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | apache2 | < apache2 2.2.19-2 (bookworm) | apache2 2.2.19-2 (bookworm) |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| suse | linux_enterprise_server | — | — |
| suse | linux_enterprise_server | — | — |
| suse | linux_enterprise_software_development_kit | — | — |
| suse | linux_enterprise_software_development_kit | — | — |
| tripodworks | gigapod_2010_firmware | <= 3.01.02 | — |
| tripodworks | gigapod_3_firmware | <= 3.01.02 | — |
| tripodworks | gigapod_officehard_firmware | <= 3.04.03 | — |
| tripodworks_co_ltd | gigapod_2010_gigapod_3_appliance_model | — | — |
| tripodworks_co_ltd | gigapod_2010_gigapod_3_software_model | — | — |
| tripodworks_co_ltd | gigapod_officehard_appliance_model | — | — |
CVSS provenance
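| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | — | 7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | — | 7.8 | HIGH | — |
| vulncheck | — | 7.8 | HIGH | — |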