CVE-2011-3192
Published: 29 August 2011
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
Notes
| Author | Note |
|---|---|
| jdstrand | regression on streaming videos from apache in Debian Bug #639825 |
| sbeattie | am unable to reproduce the streaming videos regression with mplayer from oneiric/amd64, natty/amd64, maverick/i386 and hardy/amd64 against a maverick/i386 server with the pending apache update installed. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
apache2 Launchpad, Ubuntu, Debian |
hardy |
Released
(2.2.8-1ubuntu0.21)
|
| lucid |
Released
(2.2.14-5ubuntu8.6)
|
|
| maverick |
Released
(2.2.16-1ubuntu3.3)
|
|
| natty |
Released
(2.2.17-1ubuntu1.2)
|
|
| upstream |
Released
(2.2.20-1)
|
|
|
Patches: vendor: http://www.debian.org/security/2011/dsa-2298 debian: http://anonscm.debian.org/viewvc/pkg-apache/trunk/apache2/patches/083_CVE-2011-3192.dpatch?view=markup |
||
References
- http://marc.info/?t=131379269200002&r=1&w=2
- http://marc.info/?t=131409787700005&r=1&w=2
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639825
- http://marc.info/?l=apache-httpd-dev&m=131473034627316&w=2
- https://ubuntu.com/security/notices/USN-1199-1
- https://www.cve.org/CVERecord?id=CVE-2011-3192
- NVD
- Launchpad
- Debian