National Vulnerability Database (NVD) National Vulnerability Database (CVE-2011-3192)

National Cyber Awareness System

Vulnerability Summary for CVE-2011-3192

Original release date:08/29/2011

Last revised:10/30/2012

Source: US-CERT/NIST

Overview

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:7.8 (HIGH) (AV:N/AC:L/Au:N/C:N/I:N/A:C) (legend)

Impact Subscore: 6.9

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Allows disruption of serviceUnknown

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Vulnerability Note: VU#405811

Name: VU#405811

Hyperlink:http://www.kb.cert.org/vuls/id/405811

External Source: MLIST

Name: [dev] 20110823 Re: DoS with mod_deflate & range requests

Type: Patch Information

Hyperlink:http://mail-archives.apache.org/mod_mbox/httpd-dev/201108.mbox/%3cCAAPSnn2PO-d-C4nQt_TES2RRWiZr7urefhTKPWBC1b+K1Dqc7g@mail.gmail.com%3e

External Source: CONFIRM

Name: https://issues.apache.org/bugzilla/show_bug.cgi?id=51714

Hyperlink:https://issues.apache.org/bugzilla/show_bug.cgi?id=51714

External Source: CONFIRM

Name: https://bugzilla.redhat.com/show_bug.cgi?id=732928

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=732928

External Source: XF

Name: apache-http-byterange-dos(69396)

Hyperlink:http://xforce.iss.net/xforce/xfdb/69396

External Source: UBUNTU

Name: USN-1199-1

Hyperlink:http://www.ubuntu.com/usn/USN-1199-1

External Source: BID

Name: 49303

Hyperlink:http://www.securityfocus.com/bid/49303

External Source: REDHAT

Name: RHSA-2011:1369

Hyperlink:http://www.redhat.com/support/errata/RHSA-2011-1369.html

External Source: REDHAT

Name: RHSA-2011:1330

Hyperlink:http://www.redhat.com/support/errata/RHSA-2011-1330.html

External Source: REDHAT

Name: RHSA-2011:1329

Hyperlink:http://www.redhat.com/support/errata/RHSA-2011-1329.html

External Source: REDHAT

Name: RHSA-2011:1300

Hyperlink:http://www.redhat.com/support/errata/RHSA-2011-1300.html

External Source: REDHAT

Name: RHSA-2011:1294

Hyperlink:http://www.redhat.com/support/errata/RHSA-2011-1294.html

External Source: REDHAT

Name: RHSA-2011:1245

Hyperlink:http://www.redhat.com/support/errata/RHSA-2011-1245.html

External Source: CONFIRM

Name: http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html

Hyperlink:http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html

External Source: CONFIRM

Name: http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

Hyperlink:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

External Source: CONFIRM

Name: http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html

Hyperlink:http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html

External Source: CONFIRM

Name: http://www.oracle.com/technetwork/topics/security/alert-cve-2011-3192-485304.html

Hyperlink:http://www.oracle.com/technetwork/topics/security/alert-cve-2011-3192-485304.html

External Source: MANDRIVA

Name: MDVSA-2011:130

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2011:130

External Source: CONFIRM

Name: http://www.gossamer-threads.com/lists/apache/dev/401638

Hyperlink:http://www.gossamer-threads.com/lists/apache/dev/401638

External Source: EXPLOIT-DB

Name: 17696

Hyperlink:http://www.exploit-db.com/exploits/17696

External Source: CISCO

Name: 20110830 Apache HTTPd Range Header Denial of Service Vulnerability

Hyperlink:http://www.cisco.com/en/US/products/products_security_advisory09186a0080b90d73.shtml

External Source: CONFIRM

Name: http://www.apache.org/dist/httpd/Announcement2.2.html

Hyperlink:http://www.apache.org/dist/httpd/Announcement2.2.html

External Source: CONFIRM

Name: http://support.apple.com/kb/HT5002

Hyperlink:http://support.apple.com/kb/HT5002

External Source: SECTRACK

Name: 1025960

Hyperlink:http://securitytracker.com/id?1025960

External Source: SECUNIA

Name: 46126

Hyperlink:http://secunia.com/advisories/46126

External Source: SECUNIA

Name: 46125

Hyperlink:http://secunia.com/advisories/46125

External Source: SECUNIA

Name: 46000

Hyperlink:http://secunia.com/advisories/46000

External Source: SECUNIA

Name: 45937

Hyperlink:http://secunia.com/advisories/45937

External Source: SECUNIA

Name: 45606

Type: Advisory

Hyperlink:http://secunia.com/advisories/45606

External Source: FULLDISC

Name: 20110820 Apache Killer

Hyperlink:http://seclists.org/fulldisclosure/2011/Aug/175

External Source: OVAL

Name: oval:org.mitre.oval:def:14824

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14824

External Source: OVAL

Name: oval:org.mitre.oval:def:14762

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14762

External Source: OSVDB

Name: 74721

Hyperlink:http://osvdb.org/74721

External Source: HP

Name: HPSBOV02822

Hyperlink:http://marc.info/?l=bugtraq&m=134987041210674&w=2

External Source: HP

Name: SSRT100966

Hyperlink:http://marc.info/?l=bugtraq&m=134987041210674&w=2

External Source: HP

Name: HPSBMU02704

Hyperlink:http://marc.info/?l=bugtraq&m=132033751509019&w=2

External Source: HP

Name: SSRT100626

Hyperlink:http://marc.info/?l=bugtraq&m=131731002122529&w=2

External Source: HP

Name: HPSBUX02707

Hyperlink:http://marc.info/?l=bugtraq&m=131731002122529&w=2

External Source: HP

Name: HPSBUX02702

Hyperlink:http://marc.info/?l=bugtraq&m=131551295528105&w=2

External Source: HP

Name: SSRT100606

Hyperlink:http://marc.info/?l=bugtraq&m=131551295528105&w=2

External Source: MLIST

Name: [announce] 20110824 Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x \(CVE-2011-3192\)

Type: Advisory

Hyperlink:http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110824161640.122D387DD@minotaur.apache.org%3e

External Source: SUSE

Name: SUSE-SU-2011:1229

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html

External Source: SUSE

Name: SUSE-SU-2011:1216

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00008.html

External Source: SUSE

Name: SUSE-SU-2011:1010

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00011.html

External Source: SUSE

Name: SUSE-SU-2011:1007

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00010.html

External Source: SUSE

Name: SUSE-SU-2011:1000

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00009.html

External Source: SUSE

Name: openSUSE-SU-2011:0993

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00006.html

External Source: APPLE

Name: APPLE-SA-2011-10-12-3

Hyperlink:http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

External Source: CONFIRM

Name: http://blogs.oracle.com/security/entry/security_alert_for_cve_2011

Hyperlink:http://blogs.oracle.com/security/entry/security_alert_for_cve_2011

External Source: FULLDISC

Name: 20110824 Re: Apache Killer

Hyperlink:http://archives.neohapsis.com/archives/fulldisclosure/2011-08/0285.html

Vulnerable software and versions

Configuration 1

* cpe:/a:apache:http_server:1.3.35

* cpe:/a:apache:http_server:1.3.20

* cpe:/a:apache:http_server:1.3.34

* cpe:/a:apache:http_server:1.3.2

* cpe:/a:apache:http_server:1.3.36

* cpe:/a:apache:http_server:1.3.39

* cpe:/a:apache:http_server:1.3.10

* cpe:/a:apache:http_server:1.3.16

* cpe:/a:apache:http_server:1.3.15

* cpe:/a:apache:http_server:1.3.13

* cpe:/a:apache:http_server:1.3.19

* cpe:/a:apache:http_server:1.3.18

* cpe:/a:apache:http_server:1.3.17

* cpe:/a:apache:http_server:1.3.14

* cpe:/a:apache:http_server:1.3.41

* cpe:/a:apache:http_server:1.3.37

* cpe:/a:apache:http_server:1.3.0

* cpe:/a:apache:http_server:1.3.38

* cpe:/a:apache:http_server:1.3.24

* cpe:/a:apache:http_server:1.3.25

* cpe:/a:apache:http_server:1.3.22

* cpe:/a:apache:http_server:1.3.23

* cpe:/a:apache:http_server:1.3.27

* cpe:/a:apache:http_server:1.3.26

* cpe:/a:apache:http_server:1.3.65

* cpe:/a:apache:http_server:1.3.1

* cpe:/a:apache:http_server:1.3.11

* cpe:/a:apache:http_server:1.3.12

* cpe:/a:apache:http_server:1.3.68

* cpe:/a:apache:http_server:1.3.28

* cpe:/a:apache:http_server:1.3.29

* cpe:/a:apache:http_server:1.3.3

* cpe:/a:apache:http_server:1.3.30

* cpe:/a:apache:http_server:1.3.31

* cpe:/a:apache:http_server:1.3

* cpe:/a:apache:http_server:1.3.32

* cpe:/a:apache:http_server:1.3.33

* cpe:/a:apache:http_server:1.3.1.1

* cpe:/a:apache:http_server:1.3.4

* cpe:/a:apache:http_server:1.3.5

* cpe:/a:apache:http_server:1.3.6

* cpe:/a:apache:http_server:1.3.42

* cpe:/a:apache:http_server:1.3.8

* cpe:/a:apache:http_server:1.3.7

* cpe:/a:apache:http_server:1.3.9

Configuration 2

* cpe:/a:apache:http_server:2.0.61

* cpe:/a:apache:http_server:2.0.58

* cpe:/a:apache:http_server:2.0.55

* cpe:/a:apache:http_server:2.0.54

* cpe:/a:apache:http_server:2.0.57

* cpe:/a:apache:http_server:2.0.56

* cpe:/a:apache:http_server:2.0.51

* cpe:/a:apache:http_server:2.0.50

* cpe:/a:apache:http_server:2.0.53

* cpe:/a:apache:http_server:2.0.52

* cpe:/a:apache:http_server:2.0.47

* cpe:/a:apache:http_server:2.0.46

* cpe:/a:apache:http_server:2.0.49

* cpe:/a:apache:http_server:2.0.48

* cpe:/a:apache:http_server:2.0.43

* cpe:/a:apache:http_server:2.0.42

* cpe:/a:apache:http_server:2.0.45

* cpe:/a:apache:http_server:2.0.44

* cpe:/a:apache:http_server:2.0.59

* cpe:/a:apache:http_server:2.0.63

* cpe:/a:apache:http_server:2.0.9

* cpe:/a:apache:http_server:2.0.60

* cpe:/a:apache:http_server:2.0

* cpe:/a:apache:http_server:2.0.28:beta

* cpe:/a:apache:http_server:2.0.28

* cpe:/a:apache:http_server:2.0.32:beta

* cpe:/a:apache:http_server:2.0.32

* cpe:/a:apache:http_server:2.0.35

* cpe:/a:apache:http_server:2.0.34:beta

* cpe:/a:apache:http_server:2.0.37

* cpe:/a:apache:http_server:2.0.36

* cpe:/a:apache:http_server:2.0.39

* cpe:/a:apache:http_server:2.0.38

* cpe:/a:apache:http_server:2.0.41

* cpe:/a:apache:http_server:2.0.40

* cpe:/a:apache:http_server:2.0.64

Configuration 3

* cpe:/a:apache:http_server:2.2.1

* cpe:/a:apache:http_server:2.2.6

* cpe:/a:apache:http_server:2.2.11

* cpe:/a:apache:http_server:2.2.9

* cpe:/a:apache:http_server:2.2.10

* cpe:/a:apache:http_server:2.2.8

* cpe:/a:apache:http_server:2.2.13

* cpe:/a:apache:http_server:2.2.3

* cpe:/a:apache:http_server:2.2.12

* cpe:/a:apache:http_server:2.2.0

* cpe:/a:apache:http_server:2.2.16

* cpe:/a:apache:http_server:2.2.15

* cpe:/a:apache:http_server:2.2.2

* cpe:/a:apache:http_server:2.2.4

* cpe:/a:apache:http_server:2.2.18

* cpe:/a:apache:http_server:2.2.14

* cpe:/a:apache:http_server:2.2.19

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Resource Management Errors (CWE-399)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192