CVE-2011-3192
Published Aug 29, 2011
Last updated a year ago
Overview
- Description
- The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.8
- Impact score
- 6.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:C
Weaknesses
- nvd@nist.gov
- CWE-400
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E8032B39-37CC-4B9F-8D09-A0171E66BE47",
"versionEndExcluding": "2.0.65",
"versionStartIncluding": "2.0.35"
},
{
"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "43A849EE-9D31-4289-84AF-E6831294297F",
"versionEndExcluding": "2.2.20",
"versionStartIncluding": "2.2.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5646FDE9-CF21-46A9-B89D-F5BBDB4249AF"
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "105187A7-2AFE-46F9-B0A9-F09C7E10BFBD"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "79A35457-EAA3-4BF9-A4DA-B2E414A75A02"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D1D7B467-58DD-45F1-9F1F-632620DF072A"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:*",
"vulnerable": true,
"matchCriteriaId": "A44C3422-0D42-473E-ABB4-279D7494EE2F"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:*",
"vulnerable": true,
"matchCriteriaId": "A6B7CDCA-6F39-4113-B5D3-3AA9D7F3D809"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3DB8A616-865B-4E70-BA2E-BE5F0BA7A351"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "436EF2ED-FDBB-4B64-8EC4-33C3E4253F06"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E8C91701-DF37-4F7B-AB9A-B1BFDB4991F8"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C"
}
],
"operator": "OR"
}
]
}
]