A flaw was found in the way the Apache HTTP Server handled Range HTTP
headers. A remote attacker could use this flaw to cause httpd to use an
excessive amount of memory and CPU time via HTTP requests with a
specially-crafted Range header. (CVE-2011-3192)

All httpd users should upgrade to these updated packages, which contain a
backported patch to correct this issue. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

OSVersionArchitecturePackageVersionFilename
RedHat5i386httpd< 2.2.13-3.el5s2httpd-2.2.13-3.el5s2.i386.rpm
RedHat5i386mod_ssl< 2.2.13-3.el5s2mod_ssl-2.2.13-3.el5s2.i386.rpm
RedHat5x86_64mod_ssl< 2.2.13-3.el5s2mod_ssl-2.2.13-3.el5s2.x86_64.rpm
RedHat5i386httpd-manual< 2.2.13-3.el5s2httpd-manual-2.2.13-3.el5s2.i386.rpm
RedHat5x86_64httpd-devel< 2.2.13-3.el5s2httpd-devel-2.2.13-3.el5s2.x86_64.rpm
RedHat5x86_64httpd< 2.2.13-3.el5s2httpd-2.2.13-3.el5s2.x86_64.rpm
RedHat5i386httpd-devel< 2.2.13-3.el5s2httpd-devel-2.2.13-3.el5s2.i386.rpm
RedHat5x86_64httpd-manual< 2.2.13-3.el5s2httpd-manual-2.2.13-3.el5s2.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	5	i386	httpd	< 2.2.13-3.el5s2	httpd-2.2.13-3.el5s2.i386.rpm
RedHat	5	i386	mod_ssl	< 2.2.13-3.el5s2	mod_ssl-2.2.13-3.el5s2.i386.rpm
RedHat	5	x86_64	mod_ssl	< 2.2.13-3.el5s2	mod_ssl-2.2.13-3.el5s2.x86_64.rpm
RedHat	5	i386	httpd-manual	< 2.2.13-3.el5s2	httpd-manual-2.2.13-3.el5s2.i386.rpm
RedHat	5	x86_64	httpd-devel	< 2.2.13-3.el5s2	httpd-devel-2.2.13-3.el5s2.x86_64.rpm
RedHat	5	x86_64	httpd	< 2.2.13-3.el5s2	httpd-2.2.13-3.el5s2.x86_64.rpm
RedHat	5	i386	httpd-devel	< 2.2.13-3.el5s2	httpd-devel-2.2.13-3.el5s2.i386.rpm
RedHat	5	x86_64	httpd-manual	< 2.2.13-3.el5s2	httpd-manual-2.2.13-3.el5s2.x86_64.rpm

freebsd 1

suse 8

openvas 49

httpd 2

hackerone 3

redhat 9

altlinux 3

debian 5

cert 1

packetstorm 3

ibm 2

exploitpack 1

nessus 41

checkpoint_security 1

checkpoint_advisories 2

seebug 3

centos 2

cisa 1

zdt 1

f5 2

veracode 1

threatpost 2

fedora 2

amazon 1

slackware 2

securityvulns 10

ubuntu 1

oraclelinux 2

debiancve 1

cvelist 2

cve 2

prion 2

nvd 2

osv 1

jvn 1

ubuntucve 1

exploitdb 1

nmap 1

attackerkb 1

kaspersky 1

gentoo 1

oracle 3

freebsd

apache -- Range header DoS vulnerability

2011-08-24 00:00:00

suse

apache2: Fixed a remote denial of service via byte-ranges (important)

2011-09-02 18:08:23

Security update for Apache (important)

2011-09-06 18:08:19

Security update for Apache (important)

2011-09-06 10:08:12

openvas

Slackware: Security Advisory (SSA:2011-252-01)

2012-09-10 00:00:00

RedHat Update for httpd RHSA-2011:1294-01

2011-09-16 00:00:00

RedHat Update for httpd RHSA-2011:1245-01

2011-09-07 00:00:00

httpd

Apache Httpd < 2.2.20 : Range header remote DoS

2011-08-20 00:00:00

Apache Httpd < 2.0.65 : Range header remote DoS

2011-08-20 00:00:00

hackerone

ownCloud: Apache Range Header Denial of Service Attack (Confirmed PoC)

2015-09-14 22:55:12

Gratipay: grtp.co is vulnerable to http-vuln-cve2011-3192

2016-01-25 13:01:41

U.S. Dept Of Defense: Out-of-date Version (Apache)

2016-11-24 15:09:27

redhat

(RHSA-2011:1330) Important: JBoss Enterprise Web Server 1.0.2 security update

2011-09-21 16:00:45

(RHSA-2011:1294) Important: httpd security update

2011-09-14 00:00:00

(RHSA-2011:1245) Important: httpd security update

2011-08-31 00:00:00

altlinux

Security fix for the ALT Linux 9 package apache2 version 2.2.20-alt1

2011-08-31 00:00:00

Security fix for the ALT Linux 10 package apache2 version 2.2.20-alt1

2011-08-31 00:00:00

Security fix for the ALT Linux 8 package apache2 version 2.2.20-alt1

2011-08-31 00:00:00

debian

[BSA-049] Security Update for apache2

2011-09-06 02:06:51

[SECURITY] [DSA 2298-2] apache2 regression fix

2011-09-05 19:20:44

[SECURITY] [DSA 2298-1] apache2 security update

2011-08-29 21:16:25

cert

Apache HTTPD 1.3/2.x Range header DoS vulnerability

2011-08-26 00:00:00

packetstorm

Obehotel CMS Denial Of Service / SQL Injection

2013-08-26 00:00:00

Opolis.eu Secure Mail Blind SQL Injection / XSS / CSRF / DoS

2013-10-07 00:00:00

ProtonMail.ch Header Injection / CSRF

2014-05-30 00:00:00

ibm

Security Bulletin: API Connect is affected by an Apache HTTP Server vulnerability (CVE-2011-3192)

2018-06-15 07:07:54

Security Bulletin: Potential security exposure with IBM HTTP Server 8.0 and earlier (PM46234) (CVE-2011-3192)

2022-09-08 00:26:26

exploitpack

Apache - Denial of Service

2011-12-09 00:00:00

nessus

Amazon Linux AMI : httpd (ALAS-2011-1)

2014-10-12 00:00:00

RHEL 4 / 5 / 6 : httpd (RHSA-2011:1245)

2011-09-01 00:00:00

openSUSE Security Update : apache2 (openSUSE-SU-2011:0993-1)

2014-06-13 00:00:00

checkpoint_security

Check Point Response to Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability

2011-08-24 21:00:00

checkpoint_advisories

Apache HTTPD Ranges Header Field Denial of Service (CVE-2011-3192)

2011-09-14 00:00:00

Apache HTTPD Ranges Header Field Denial of Service - ver 2 (CVE-2011-3192)

2010-02-25 00:00:00

seebug

Apache Range Header Denial Of Service

2011-12-09 00:00:00

Apache HTTP Server畸形Range选项处理远程拒绝服务漏洞

2011-08-26 00:00:00

Apache HTTP Server Denial of Service

2014-07-01 00:00:00

centos

httpd, mod_ssl security update

2011-09-01 11:41:08

httpd, mod_ssl security update

2011-10-20 21:19:56

cisa

Oracle Releases Security Alert for Oracle HTTP Server Products

2011-09-19 00:00:00

zdt

Obehotel CMS SQL Injection Vulnerability

2013-08-27 00:00:00

SOL13114 - Apache Range header vulnerability - CVE-2011-3192

2011-10-06 00:00:00

K13114 : Apache Range header vulnerability - CVE-2011-3192

2013-09-12 00:00:00

veracode

Denial Of Service (DoS)

2020-04-10 01:02:22

threatpost

Apache Fixes Range Header DoS Flaw

2011-08-31 10:30:00

Apache Releases Version 2.2.21 With New Fix For Range Header Flaw

2011-09-14 15:29:14

fedora

[SECURITY] Fedora 16 Update: httpd-2.2.21-1.fc16

2011-09-30 19:07:35

[SECURITY] Fedora 15 Update: httpd-2.2.21-1.fc15

2011-09-16 01:58:28

amazon

Medium: httpd

2011-09-27 22:46:00

slackware

[slackware-security] httpd

2011-09-09 14:05:46

[slackware-security] httpd

2011-10-14 23:59:50

securityvulns

Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x (CVE-2011-3192)

2011-08-27 00:00:00

Cisco Security Advisory: Apache HTTPd Range Header Denial of Service Vulnerability

2011-08-30 00:00:00

Multiple HTTP servers DoS

2011-10-20 00:00:00

ubuntu

Apache vulnerability

2011-09-01 00:00:00

oraclelinux

httpd security update

2011-08-31 00:00:00

httpd security and bug fix update

2011-10-20 00:00:00

debiancve

CVE-2011-3192

2011-08-29 15:55:02

cvelist

CVE-2011-3192

2011-08-29 15:00:00

CVE-2014-5329

2023-09-08 02:52:41

cve

CVE-2011-3192

2011-08-29 15:55:02

CVE-2014-5329

2023-09-08 03:15:07

prion

Code injection

2011-08-29 15:55:00

Race condition

2023-09-08 03:15:00

nvd

CVE-2014-5329

2023-09-08 03:15:07

CVE-2011-3192

2011-08-29 15:55:02

osv

apache2 - denial of service

2011-09-05 00:00:00

jvn

JVN#23809730: GIGAPOD vulnerable to denial-of-service (DoS)

2014-10-16 00:00:00

ubuntucve

CVE-2011-3192

2011-08-29 00:00:00

exploitdb

Apache - Denial of Service

2011-12-09 00:00:00

nmap

http-vuln-cve2011-3192 NSE Script

2011-08-29 21:42:57

attackerkb

CVE-2011-3192

2011-08-29 00:00:00

kaspersky

KLA10065 Multiple vulnerabilities in Apache httpd

2013-07-22 00:00:00

gentoo

Apache HTTP Server: Multiple vulnerabilities

2012-06-24 00:00:00

oracle

Oracle Critical Patch Update - October 2011

2011-10-18 00:00:00

Oracle Critical Patch Update - January 2012

2012-01-17 00:00:00

Oracle Critical Patch Update - July 2012

2012-07-17 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.963 High

EPSS

Percentile

99.6%

JSON

Related for RHSA-2011:1369