Apache Range Header DoS (CVE-2011-3192)
- Risk: Medium
- Type: Active
- CWE: CWE-400
- Summary
The byterange filter in earlier versions of the Apache HTTP Server allows remote attackers to cause a denial of service (memory and CPU exhaustion) via a Range request header that identifies multiple overlapping ranges. This issue was exploited in the wild in August 2011. Produced too many false positives and is no longer relevant.
- Solution
Upgrade your Apache server to a currently stable version. Alternative solutions or workarounds are outlined in the references.
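A defender-side check for the header shape described in the Summary, as an added example (not part of the original advisory or of Apache): it resolves a Range header against a resource size and counts ranges that overlap bytes already covered. The function names, the `MAX_RANGES` threshold and the sample headers are assumptions made for illustration.

```python
import re

# Threshold is an assumption for this example, not a value from the advisory.
MAX_RANGES = 5
_SPEC = re.compile(r"^(\d*)-(\d*)$")

def resolve(header, length):
    """Resolve a Range header value against a resource of `length` bytes.
    Returns satisfiable (first, last) offsets, or None if malformed."""
    unit, sep, specs = header.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    ranges = []
    for spec in specs.split(","):
        m = _SPEC.match(spec.strip())
        if m is None or not (m.group(1) or m.group(2)):
            return None
        first, last = m.groups()
        if first == "":                          # suffix form: last N bytes
            start, end = max(length - int(last), 0), length - 1
        else:
            start = int(first)
            end = min(int(last), length - 1) if last else length - 1
            if last and int(last) < start:       # last before first: invalid
                return None
        if start <= end:                         # drop unsatisfiable ranges
            ranges.append((start, end))
    return ranges

def assess(header, length):
    """Count ranges and overlaps; flag requests with many overlapping ranges."""
    ranges = resolve(header, length)
    if ranges is None:
        return {"valid": False, "count": 0, "overlaps": 0, "suspicious": False}
    overlaps, reach = 0, -1
    for start, end in sorted(ranges):
        if start <= reach:                       # begins inside covered bytes
            overlaps += 1
        reach = max(reach, end)
    return {"valid": True, "count": len(ranges), "overlaps": overlaps,
            "bytes_requested": sum(e - s + 1 for s, e in ranges),
            "suspicious": len(ranges) > MAX_RANGES and overlaps > 0}

# Constructed sample headers (not captured traffic); 1000-byte resource assumed.
SAMPLES = ["bytes=0-99,200-299", "bytes=-100,900-",
           "bytes=0-9,0-19,0-29,0-39,0-49,0-59,0-69", "items=0-1"]

if __name__ == "__main__":
    for h in SAMPLES:
        print(h, assess(h, 1000))
```

Requiring both a high range count and at least one overlap keeps ordinary multi-range requests, such as the second sample, from being flagged.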