Apache Range Header DoS (CVE-2011-3192)

Risk:
Medium

Type:
Active

CWE:
CWE-400

Summary: The byterange filter in earlier versions of the Apache HTTP Server allows remote attackers to cause a denial of service (memory and CPU exhaustion) via a Range request header that identifies multiple overlapping ranges. This issue was exploited in the wild in August 2011.Produced too many false positives and is no longer relevant.

Solution: Upgrade your Apache server to a currently stable version. Alternative solutions or workarounds are outlined in the references.

References

https://httpd.apache.org/security/CVE-2011-3192.txt

https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3192

Free security scan for your website

Don't show website scan report rating on the leaderboard