{ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2011-3192", "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { "product" : { "product_data" : [ { "product_name" : "n/a", "version" : { "version_data" : [ { "version_value" : "n/a" } ] } } ] }, "vendor_name" : "n/a" } ] } }, "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", "value" : "The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086." } ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "eng", "value" : "n/a" } ] } ] }, "references" : { "reference_data" : [ { "name" : "17696", "refsource" : "EXPLOIT-DB", "url" : "http://www.exploit-db.com/exploits/17696" }, { "name" : "20110820 Apache Killer", "refsource" : "FULLDISC", "url" : "http://seclists.org/fulldisclosure/2011/Aug/175" }, { "name" : "20110824 Re: Apache Killer", "refsource" : "FULLDISC", "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-08/0285.html" }, { "name" : "[announce] 20110824 Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x \\(CVE-2011-3192\\)", "refsource" : "MLIST", "url" : "http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110824161640.122D387DD@minotaur.apache.org%3e" }, { "name" : "[dev] 20110823 Re: DoS with mod_deflate & range requests", "refsource" : "MLIST", "url" : "http://mail-archives.apache.org/mod_mbox/httpd-dev/201108.mbox/%3cCAAPSnn2PO-d-C4nQt_TES2RRWiZr7urefhTKPWBC1b+K1Dqc7g@mail.gmail.com%3e" }, { "name" : "http://www.gossamer-threads.com/lists/apache/dev/401638", "refsource" : "CONFIRM", "url" : "http://www.gossamer-threads.com/lists/apache/dev/401638" }, { "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=732928", "refsource" : "CONFIRM", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=732928" }, { "name" : "https://issues.apache.org/bugzilla/show_bug.cgi?id=51714", "refsource" : "CONFIRM", "url" : "https://issues.apache.org/bugzilla/show_bug.cgi?id=51714" }, { "name" : "http://blogs.oracle.com/security/entry/security_alert_for_cve_2011", "refsource" : "CONFIRM", "url" : "http://blogs.oracle.com/security/entry/security_alert_for_cve_2011" }, { "name" : "http://www.apache.org/dist/httpd/Announcement2.2.html", "refsource" : "CONFIRM", "url" : "http://www.apache.org/dist/httpd/Announcement2.2.html" }, { "name" : "http://www.oracle.com/technetwork/topics/security/alert-cve-2011-3192-485304.html", "refsource" : "CONFIRM", "url" : "http://www.oracle.com/technetwork/topics/security/alert-cve-2011-3192-485304.html" }, { "name" : "http://support.apple.com/kb/HT5002", "refsource" : "CONFIRM", "url" : "http://support.apple.com/kb/HT5002" }, { "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", "refsource" : "CONFIRM", "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" }, { "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", "refsource" : "CONFIRM", "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" }, { "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", "refsource" : "CONFIRM", "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" }, { "name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", "refsource" : "CONFIRM", "url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "name" : "APPLE-SA-2011-10-12-3", "refsource" : "APPLE", "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" }, { "name" : "20110830 Apache HTTPd Range Header Denial of Service Vulnerability", "refsource" : "CISCO", "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b90d73.shtml" }, { "name" : "HPSBUX02702", "refsource" : "HP", "url" : "http://marc.info/?l=bugtraq&m=131551295528105&w=2" }, { "name" : "HPSBUX02707", "refsource" : "HP", "url" : "http://marc.info/?l=bugtraq&m=131731002122529&w=2" }, { "name" : "SSRT100606", "refsource" : "HP", "url" : "http://marc.info/?l=bugtraq&m=131551295528105&w=2" }, { "name" : "SSRT100626", "refsource" : "HP", "url" : "http://marc.info/?l=bugtraq&m=131731002122529&w=2" }, { "name" : "HPSBMU02704", "refsource" : "HP", "url" : "http://marc.info/?l=bugtraq&m=132033751509019&w=2" }, { "name" : "HPSBOV02822", "refsource" : "HP", "url" : "http://marc.info/?l=bugtraq&m=134987041210674&w=2" }, { "name" : "SSRT100966", "refsource" : "HP", "url" : "http://marc.info/?l=bugtraq&m=134987041210674&w=2" }, { "name" : "HPSBMU02766", "refsource" : "HP", "url" : "http://marc.info/?l=bugtraq&m=133477473521382&w=2" }, { "name" : "HPSBMU02776", "refsource" : "HP", "url" : "http://marc.info/?l=bugtraq&m=133951357207000&w=2" }, { "name" : "SSRT100619", "refsource" : "HP", "url" : "http://marc.info/?l=bugtraq&m=132033751509019&w=2" }, { "name" : "SSRT100624", "refsource" : "HP", "url" : "http://marc.info/?l=bugtraq&m=133477473521382&w=2" }, { "name" : "SSRT100852", "refsource" : "HP", "url" : "http://marc.info/?l=bugtraq&m=133951357207000&w=2" }, { "name" : "MDVSA-2011:130", "refsource" : "MANDRIVA", "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:130" }, { "name" : "MDVSA-2013:150", "refsource" : "MANDRIVA", "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" }, { "name" : "RHSA-2011:1245", "refsource" : "REDHAT", "url" : "http://www.redhat.com/support/errata/RHSA-2011-1245.html" }, { "name" : "RHSA-2011:1294", "refsource" : "REDHAT", "url" : "http://www.redhat.com/support/errata/RHSA-2011-1294.html" }, { "name" : "RHSA-2011:1300", "refsource" : "REDHAT", "url" : "http://www.redhat.com/support/errata/RHSA-2011-1300.html" }, { "name" : "RHSA-2011:1329", "refsource" : "REDHAT", "url" : "http://www.redhat.com/support/errata/RHSA-2011-1329.html" }, { "name" : "RHSA-2011:1330", "refsource" : "REDHAT", "url" : "http://www.redhat.com/support/errata/RHSA-2011-1330.html" }, { "name" : "RHSA-2011:1369", "refsource" : "REDHAT", "url" : "http://www.redhat.com/support/errata/RHSA-2011-1369.html" }, { "name" : "SUSE-SU-2011:1000", "refsource" : "SUSE", "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00009.html" }, { "name" : "SUSE-SU-2011:1007", "refsource" : "SUSE", "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00010.html" }, { "name" : "SUSE-SU-2011:1010", "refsource" : "SUSE", "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00011.html" }, { "name" : "openSUSE-SU-2011:0993", "refsource" : "SUSE", "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00006.html" }, { "name" : "SUSE-SU-2011:1216", "refsource" : "SUSE", "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00008.html" }, { "name" : "SUSE-SU-2011:1229", "refsource" : "SUSE", "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html" }, { "name" : "USN-1199-1", "refsource" : "UBUNTU", "url" : "http://www.ubuntu.com/usn/USN-1199-1" }, { "name" : "VU#405811", "refsource" : "CERT-VN", "url" : "http://www.kb.cert.org/vuls/id/405811" }, { "name" : "49303", "refsource" : "BID", "url" : "http://www.securityfocus.com/bid/49303" }, { "name" : "74721", "refsource" : "OSVDB", "url" : "http://osvdb.org/74721" }, { "name" : "oval:org.mitre.oval:def:14762", "refsource" : "OVAL", "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14762" }, { "name" : "oval:org.mitre.oval:def:14824", "refsource" : "OVAL", "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14824" }, { "name" : "oval:org.mitre.oval:def:18827", "refsource" : "OVAL", "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18827" }, { "name" : "1025960", "refsource" : "SECTRACK", "url" : "http://securitytracker.com/id?1025960" }, { "name" : "45606", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/45606" }, { "name" : "45937", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/45937" }, { "name" : "46000", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/46000" }, { "name" : "46125", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/46125" }, { "name" : "46126", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/46126" }, { "name" : "apache-http-byterange-dos(69396)", "refsource" : "XF", "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69396" } ] } }