
CVE-2011-3192

Published: 29/08/2011 Updated: 30/11/2018
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 848
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x up to and including 2.0.64, and 2.2.x up to and including 2.2.19 allows remote malicious users to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
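A defender-side check for the condition described above, as an added example that is not part of the original page: it resolves a Range header against a resource size and flags requests whose ranges overlap and either exceed a range count or request far more bytes than the resource holds. The function names, thresholds and sample headers are assumptions made for illustration.

```python
import re

MAX_RANGES = 5           # assumed policy threshold, not a value from the page
MAX_AMPLIFICATION = 2.0  # assumed limit on requested bytes / resource size

_SPEC = re.compile(r"^\s*(\d*)\s*-\s*(\d*)\s*$")

def parse_ranges(header, size):
    """Resolve a 'bytes=' Range header into inclusive (first, last) pairs."""
    unit, _, specs = header.partition("=")
    if unit.strip().lower() != "bytes":
        return []
    resolved = []
    for spec in specs.split(","):
        m = _SPEC.match(spec)
        if not m or m.groups() == ("", ""):
            continue                      # malformed spec, ignore it
        first, last = m.groups()
        if first == "":                   # suffix form "-N": the last N bytes
            start, end = max(size - int(last), 0), size - 1
        else:
            start = int(first)
            end = min(int(last), size - 1) if last else size - 1
        if start <= end:                  # drop unsatisfiable ranges
            resolved.append((start, end))
    return resolved

def assess(header, size):
    """Summarise how costly a Range header is for a resource of `size` bytes."""
    ranges = parse_ranges(header, size)
    requested = sum(end - start + 1 for start, end in ranges)
    overlaps, reach = 0, -1
    for start, end in sorted(ranges):     # sweep in offset order
        if start <= reach:
            overlaps += 1                 # starts inside bytes already covered
        reach = max(reach, end)
    amplification = requested / size if size else 0.0
    suspicious = overlaps > 0 and (
        len(ranges) > MAX_RANGES or amplification > MAX_AMPLIFICATION)
    return {"ranges": len(ranges), "overlaps": overlaps,
            "requested": requested, "suspicious": suspicious}

# Constructed sample headers (not captured traffic), for a 10,000-byte resource.
SAMPLES = {
    "single": "bytes=0-499",
    "multipart": "bytes=0-99,500-599,-100",
    "overlapping": "bytes=" + ",".join(f"{i}-" for i in range(10)),
}

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(name, assess(header, 10_000))
```

The same logic can run over logged Range headers or in a request filter in front of an unpatched server; tune both thresholds to the clients you actually serve.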

Vendor Advisories

A remote attacker could send crafted input to Apache and cause it to crash ...
The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header (CVE-2011-3192). All httpd users should upgrade to these update ...
Two issues have been found in the Apache HTTPD web server: CVE-2011-3192: A vulnerability has been found in the way the multiple overlapping ranges are handled by the Apache HTTPD server. This vulnerability allows an attacker to cause Apache HTTPD to use an excessive amount of memory, causing a denial of service. CVE-2010-1452: A vulnerability has b ...
The Apache HTTPd server contains a denial of service vulnerability when it handles multiple, overlapping ranges. Multiple Cisco products may be affected by this vulnerability. Mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Intelligence companion document for this Advisory: toolscisc ...
Synopsis: Moderate: httpd security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: Updated httpd packages that fix multiple security issues and one bug are now available for JBoss Enterprise Web Server 102 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated th ...

Exploits

#Apache httpd Remote Denial of Service (memory exhaustion) #By Kingcope #Year 2011 # # Will result in swapping memory to filesystem on the remote side # plus killing of processes when running out of swap space # Remote System becomes unstable # use IO::Socket; use Parallel::ForkManager; sub usage { print "Apache Remote Denial of Service (memor ...
/* * This is a reverse engineered version of the exploit for CVE-2011-3192 made * by ev1lut10n (jayakonstruksicom/backupintsec/rapachetgz) * Copyright 2011 Ramon de C Valle <rcvalle@redhatcom> * * Compile with the following command: * gcc -Wall -pthread -o rcvalle-rapache rcvalle-rapachec */ #include <stdioh> #inclu ...

Mailing Lists

Obehotel CMS suffers from denial of service, insecure transit, directory listing, and remote SQL injection vulnerabilities ...
This is a reverse engineered version of the exploit by ev1lut10n that triggers a denial of service condition using a vulnerability in the Range header of Apache versions 1.3.x, 2.0.64 and below and 2.2.19 and below ...
Opoliseu suffers from cross site request forgery, cross site scripting, denial of service, and remote blind SQL injection vulnerabilities. The vendor has not responded to the researchers' reports of these issues ...
ProtonMailch suffers from cross site request forgery, header injection, and out of date software vulnerabilities. Note that this finding houses site-specific data ...

Nmap Scripts

http-vuln-cve2011-3192

Detects a denial of service vulnerability in the way the Apache web server handles requests for multiple overlapping/simple ranges of a page.

nmap --script http-vuln-cve2011-3192.nse [--script-args http-vuln-cve2011-3192.hostname=nmap.scanme.org] -pT:80,443 <host>

Host script results:
| http-vuln-cve2011-3192:
|   VULNERABLE:
|   Apache byterange filter DoS
|     State: VULNERABLE
|     IDs: CVE:CVE-2011-3192 OSVDB:74721
|     Description:
|       The Apache web server is vulnerable to a denial of service attack when numerous
|       overlapping byte ranges are requested.
|     Disclosure date: 2011-08-19
|     References:
|       http://seclists.org/fulldisclosure/2011/Aug/175
|       http://nessus.org/plugins/index.php?view=single&id=55976
|       http://osvdb.org/74721
|_      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192

Metasploit Modules

Apache Range Header DoS (Apache Killer)

The byterange filter in the Apache HTTP Server 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges. The exploit is called "Apache Killer".

msf > use auxiliary/dos/http/apache_range_dos
msf auxiliary(apache_range_dos) > show actions
    ...actions...
msf auxiliary(apache_range_dos) > set ACTION <action-name>
msf auxiliary(apache_range_dos) > show options
    ...show and set options...
msf auxiliary(apache_range_dos) > run

Github Repositories

DDOS and attack resilient HAProxy configuration. To be used behind CloudFlare.

haproxy-ddos: DDOS and attack resilient HAProxy configuration. To be used behind CloudFlare. Use it to build Docker container-based load balancers. Follow @analytically for updates. I welcome pull requests for blocking other attack vectors! Part inspired by HAProxy termination in AWS. Building: docker build -t mycompany/haproxy-ddos Running Mozilla's recommended configurat

DDoS Script | Scanner

DDoS-Script DDoS Script | Scanner Scanners & Filtering Chargen Scanner pastebincom/5VVSHXYD Chargen Filter (PHP) pastebincom/JN8XQsAG DNS AMP Scanner pastebincom/1vpsK4fD NTP AMP Scanner pastebincom/EvLZY3Xa Layer 4 Attack Scripts SUDP 50x pastebincom/kQsqnV9x Default UDP pastebincom/gKXzU81v Dr Dos pastebincom/xxm

Apache Range Header DoS Exploit

CVE-2011-3192 Writing some critical exploits in Go out of boredom, Vol-0x1

A collection of exploits developed by 1N3 @ CrowdShield - crowdshieldcom Vulnserverexe GMON SEH Overflow Exploit FreeFloat FTP Server HOST Buffer Overflow (ASLR Bypass) CoolPlayer+ Portable 2196 Stack Overflow (ASLR Bypass) HTTPoxy Exploit/PoC Scanner Ability FTP 234 Buffer Overflow Exploit Aruba AP-205 Buffer Overflow Denial of Service PoC Brainpan1 CTF Buffer Ov

https://xerosecurity.com - Founder of @XeroSecurity. Creator of Sn1per. Hacking since '93. 20+ yrs. IT exp. Sr. Penetration Tester. OSCE/OSCP/CISSP @xer0dayz @XeroSecurity

Website xerosecuritycom Blog xerosecuritycom/wordpress/blog/ Social Media twittercom/xer0dayz twittercom/xerosecurity youtubecom/xerosecurity Bug Bounty Profiles bugcrowdcom/1N3 hackeronecom/1N3 Public Exploits packetstormsecuritycom/files/author/1N3/ wwwexploit-dbcom/?author=7787 https:/

Exploits by 1N3 @CrowdShield @xer0dayz @XeroSecurity

A collection of exploits developed by @xer0dayz @XeroSecurity xerosecuritycom Vulnserverexe GMON SEH Overflow Exploit FreeFloat FTP Server HOST Buffer Overflow (ASLR Bypass) CoolPlayer+ Portable 2196 Stack Overflow (ASLR Bypass) HTTPoxy Exploit/PoC Scanner Ability FTP 234 Buffer Overflow Exploit Aruba AP-205 Buffer Overflow Denial of Service PoC Brainpan1 CTF Buff

Network reconnaissance and vulnerability assessment tools.

ReconScan: The purpose of this project is to develop scripts that can be useful in the pentesting workflow, be it for VulnHub VMs, CTFs, hands-on certificates, or real-world targets. The project currently consists of two major components: a script invoking and aggregating the results of existing tools, and a second script for automated analysis of the aforementioned results from

This repository is used for learning

ReconScan: The purpose of this project is to develop scripts that can be useful in the pentesting workflow, be it for VulnHub VMs, CTFs, hands-on certificates, or real-world targets. The project currently consists of two major components: a script invoking and aggregating the results of existing tools, and a second script for automated analysis of the aforementioned results from


Recent Articles

Oracle rushes out emergency Apache DoS patch
The Register • John Leyden • 19 Sep 2011

Sysadmins shouldn't hang about with this one...

Oracle broke with tradition with the publication of an unscheduled security update last weekend.
The fix – which addresses a DoS vulnerability in its Apache web server software – represents only the fifth time that Oracle has published a security fix outside the quarterly patch update batch it began at the start of 2005, net security firm Sophos notes. More specifically the patch provides an updated Apache web server, httpd, to Oracle's Fusion Middleware and Application Server products...

Oracle Out of Cycle Apache Patch – CVE-2011-3192
Securelist • Kurt Baumgartner • 16 Sep 2011

Webmasters, mainly corporate sysadmin and dev teams, need to pay attention to today’s Oracle CPU, impacting Oracle Fusion Middleware, Oracle Application Server, and Oracle Enterprise Manager. This stuff is commonly deployed in the enterprise. Sysadmins should be aware that CVE-2011-3192 is only known to enable DoS attacks: “The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU ...

Apache Releases Version 2.2.21 With New Fix For Range Header Flaw
Threatpost • Dennis Fisher • 14 Sep 2011

Two weeks after releasing a fix for the range-header denial-of-service flaw that was much-discussed on security forums and mailing lists, the Apache Software Foundation has pushed out another version of its popular Web server that includes a further fix for the same flaw.
Apache 2.2.21 has a patch for the CVE-2011-3192 vulnerability that the group previously fixed in late August with the release of version 2.2.20. The vulnerability is an old one that recently resurfaced after a...

Apache Fixes Range Header DoS Flaw
Threatpost • Dennis Fisher • 31 Aug 2011

There is a new version of the Apache Web Server available that fixes the recently disclosed range header denial-of-service vulnerability. Apache 2.2.20 was released Tuesday and the new content mostly comprises the bug fix.
The Apache Software Foundation, which maintains the Web server, said that all users should upgrade to the new release as soon as possible in order to take advantage of the patch for CVE-2011-3192. The vulnerability in Apache lies in the way that the server...

Apache squashes 'devastating' bug under attack
The Register • Dan Goodin • 30 Aug 2011

Byte range vuln exposed servers to crippling DoS exploit

Maintainers of the open-source Apache webserver have fixed a severe weakness that attackers are exploiting to crash websites.
Flaws in Apache's HTTP daemon made it easy to crash servers using publicly available software released last week. The bugs in the way the HTTPD processed multiple web requests that involved overlapping byte ranges allowed attackers to overwhelm servers by sending them a modest amount of traffic.
An advisory on Apache's website said the bug, formally known as C...
