Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv2

CVE-2011-3192

Published: 29/08/2011 Updated: 07/11/2023
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 810
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Apache

Vulnerability Summary

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x up to and including 2.0.64, and 2.2.x up to and including 2.2.19 allows remote malicious users to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache http server

suse linux enterprise server 11

opensuse opensuse 11.4

opensuse opensuse 11.3

suse linux enterprise software development kit 10

suse linux enterprise server 10

suse linux enterprise software development kit 11

canonical ubuntu linux 10.10

canonical ubuntu linux 11.04

canonical ubuntu linux 8.04

canonical ubuntu linux 10.04

Vendor Advisories

Red Hat: Moderate: httpd security and bug fix update
Synopsis Moderate: httpd security and bug fix update Type/Severity Security Advisory: Moderate Topic Updated httpd packages that fix multiple security issues and one bug arenow available for JBoss Enterprise Web Server 102 for Red Hat EnterpriseLinux 5 and 6The Red Hat Security Response Team has rated th ...
Ubuntu Security Notice: apache2 vulnerability
A remote attacker could send crafted input to Apache and cause it to crash ...
Debian Security Advisories: DSA-2298-2 apache2 -- denial of service
Two issues have been found in the Apache HTTPD web server: CVE-2011-3192 A vulnerability has been found in the way the multiple overlapping ranges are handled by the Apache HTTPD server This vulnerability allows an attacker to cause Apache HTTPD to use an excessive amount of memory, causing a denial of service CVE-2010-1452 A vulnerability has b ...
Amazon Linux AMI: ALAS-2011-001
The Apache HTTP Server is a popular web server A flaw was found in the way the Apache HTTP Server handled Range HTTP headers A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header (CVE-2011-3192) All httpd users should upgrade to these updated ...
Cisco: Apache HTTPd Range Header Denial of Service Vulnerability
The Apache HTTPd server contains a denial of service vulnerability when it handles multiple, overlapping ranges Multiple Cisco products may be affected by this vulnerability Mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Intelligence companion document for this Advisory: toolscisc ...

Exploits

Exploit DB: Apache - Denial of Service
/* * This is a reverse engineered version of the exploit for CVE-2011-3192 made * by ev1lut10n (jayakonstruksicom/backupintsec/rapachetgz) * Copyright 2011 Ramon de C Valle <rcvalle@redhatcom> * * Compile with the following command: * gcc -Wall -pthread -o rcvalle-rapache rcvalle-rapachec */ #include <stdioh> #inclu ...
Exploit DB: Apache - Remote Memory Exhaustion (Denial of Service)
#Apache httpd Remote Denial of Service (memory exhaustion) #By Kingcope #Year 2011 # # Will result in swapping memory to filesystem on the remote side # plus killing of processes when running out of swap space # Remote System becomes unstable # use IO::Socket; use Parallel::ForkManager; sub usage { print "Apache Remote Denial of Service (memor ...
Exploit DB: Apache Range Header Denial Of Service
This is a reverse engineered version of the exploit by ev1lut10n that triggers a denial of service condition using a vulnerability in the Range header of Apache versions 13x, 2064 and below and 2219 and below ...
Exploit DB: Opolis.eu Secure Mail Blind SQL Injection / XSS / CSRF / DoS
Opoliseu suffers from cross site request forgery, cross site scripting, denial of service, and remote blind SQL injection vulnerabilities The vendor has not responded to the researchers reports of these issues ...
Exploit DB: Obehotel CMS Denial Of Service / SQL Injection
Obehotel CMS suffers from denial of service, insecure transit, directory listing, and remote SQL injection vulnerabilities ...
Exploit DB: ProtonMail.ch Header Injection / CSRF
ProtonMailch suffers from cross site request forgery, header injection, and out of date software vulnerabilities Note that this finding houses site-specific data ...

Nmap Scripts

http-vuln-cve2011-3192

Detects a denial of service vulnerability in the way the Apache web server handles requests for multiple overlapping/simple ranges of a page.

nmap --script http-vuln-cve2011-3192.nse [--script-args http-vuln-cve2011-3192.hostname=nmap.scanme.org] -pT:80,443 <host>

Host script results:
| http-vuln-cve2011-3192:
|   VULNERABLE:
|   Apache byterange filter DoS
|     State: VULNERABLE
|     IDs:  CVE:CVE-2011-3192  OSVDB:74721
|     Description:
|       The Apache web server is vulnerable to a denial of service attack when numerous
|       overlapping byte ranges are requested.
|     Disclosure date: 2011-08-19
|     References:
|       http://seclists.org/fulldisclosure/2011/Aug/175
|       http://nessus.org/plugins/index.php?view=single&id=55976
|       http://osvdb.org/74721
|_      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192

Github Repositories

https://github.com/whoismh11/htaccess-security

.htaccess security config

htaccess Security Apache htaccess file security config Contents No Directory Index Options -Indexes htaccess File Protection &lt;files "htaccess"&gt; order allow,deny deny from all &lt;/files&gt; htaccess File Strong Protection &lt;Files ~ "^*\([Hh][Tt

https://github.com/AkihiroSenpai/Informatique

Aide-Mémoire I - Linux Fundamentals Les utilisateurs et les droits Installer des programmes avec apt-get Surveiller l'activité du système Exécuter des programmes en arrière-plan La connexion sécurisée à distance avec SSH Analyser le réseau et filtrer le trafic avec un pare-feu II - Network Fundamentals OSI

https://github.com/futurezayka/CVE-2011-3192

CVE-2011-3192 Run it using python 37 or 310 (tested on it) git clone githubcom/futurezayka/CVE-2011-3192git cd /CVE-2011-3192 pip install -r requirementstxt python3 exploitpy host tasks (example python3 exploitpy examplecom 50)

https://github.com/Eutectico/Steel-Mountain

Hack into a Mr. Robot themed Windows machine. Use metasploit for initial access, utilise powershell for Windows privilege escalation enumeration and learn a new technique to get Administrator access.

Steel Mountain tryhackmecom/room/steelmountain Hack into a Mr Robot themed Windows machine Use metasploit for initial access, utilise powershell for Windows privilege escalation enumeration and learn a new technique to get Administrator access F3d3r!c0 | Nov 20th, 2020 [Task 1] Introduction In this room you will enumerate a Windows machine, gain initial access with

https://github.com/Aledangelo/THM_Jeff_Writeup

Writeup of the room called "Jeff" on TryHackMe done for educational purposes.

JEFF First of all, I went on the IP address using browser and it appeared a white page So I analyzed the html code and I found this comment I added that address in my /etc/hosts on my kali machine and then I reloaded the page Meanwhile I had launched a scan to see the active services on the host and I found ports 80 and 22 open $ sudo nmap -Pn -sS --max-retries 1 --min-ra

https://github.com/SG-netology/13-1-Git

13-1-Git Домашнее задание к занятию 131 «Уязвимости и атаки на информационные системы» - Сергей Григорьев Задание 1 Скачайте и установите виртуальную машину Metasploitable: sourceforgenet/projects/metasploitable/ Это типовая О

https://github.com/limkokhole/CVE-2011-3192

Apache Range Header DoS Exploit

CVE-2011-3192 Can sıkıntısından dolayı bazı kritik exploitleri GO ile yazma Vol-0x1

https://github.com/security-anthem/DC-p0t

Docker Container Honeypot for Vulnerability Verification

DC-p0t (Hurry Potter) DC-p0tは,攻撃環境を再現する高対話型のハニーポットです. Docker上にWebサーバまたはDNSサーバを立ち上げ,tcpdumpを用いて通信を監視します. また,通信ログの可視化も同時に行います. 利用例 Docker上でbind9を立ち上げた状態で,googlecomのDNSを問い合わせた際の端

https://github.com/MNCanyon/MNCanyon

Config files for my GitHub profile.

plan I - Linux Fundamentals Les utilisateurs et les droits Installer des programmes avec apt-get Surveiller l'activité du système Exécuter des programmes en arrière-plan La connexion sécurisée à distance avec SSH Analyser le réseau et filtrer le trafic avec un pare-feu II - Network Fundamentals OSI Model 1 Couche

https://github.com/dineshkumarc987/Exploits

A collection of exploits developed by 1N3 @ CrowdShield - crowdshieldcom Vulnserverexe GMON SEH Overflow Exploit FreeFloat FTP Server HOST Buffer Overflow (ASLR Bypass) CoolPlayer+ Portable 2196 Stack Overflow (ASLR Bypass) HTTPoxy Exploit/PoC Scanner Ability FTP 234 Buffer Overflow Exploit Aruba AP-205 Buffer Overflow Denial of Service PoC Brainpan1 CTF Buffer Ov

https://github.com/analytically/haproxy-ddos

DDOS and attack resilient HAProxy configuration. To be used behind CloudFlare.

haproxy-ddos DDOS and attack resilient HAProxy configuration To be used behind CloudFlare Use it to build Docker container-based load balancers Follow @analytically for updates I welcome pull requests for blocking other attack vectors! Part inspired by HAProxy termination in AWS Building docker build -t mycompany/haproxy-ddos Runnin

https://github.com/Aledangelo/HTB_Keeper_Writeup

Writeup of the room called "Keeper" on HackTheBox done for educational purposes.

Keeper First, I run a quick scan on the target $ sudo nmap -sS -Pn --max-retries 1 --min-rate 20 -p- keeperhtb Starting Nmap 793 ( nmaporg ) at 2023-09-22 14:50 CEST Warning: 101011227 giving up on port because retransmission cap hit (1) Nmap scan report for keeperhtb (101011227) Host is up (0053s latency) Not shown: 65515 closed tcp ports (reset) PORT

https://github.com/r3p3r/1N3-Exploits

A collection of exploits developed by 1N3 @ CrowdShield - crowdshieldcom Vulnserverexe GMON SEH Overflow Exploit FreeFloat FTP Server HOST Buffer Overflow (ASLR Bypass) CoolPlayer+ Portable 2196 Stack Overflow (ASLR Bypass) HTTPoxy Exploit/PoC Scanner Ability FTP 234 Buffer Overflow Exploit Aruba AP-205 Buffer Overflow Denial of Service PoC Brainpan1 CTF Buffer Ov

https://github.com/Encapsulate/DDoS-Script

DDoS Script | Scanner

DDoS-Script DDoS Script | Scanner Scanners &amp; Filtering Chargen Scanner pastebincom/5VVSHXYD Chargen Filter (PHP) pastebincom/JN8XQsAG DNS AMP Scanner pastebincom/1vpsK4fD NTP AMP Scanner pastebincom/EvLZY3Xa Layer 4 Attack Scripts SUDP 50x pastebincom/kQsqnV9x Default UDP pastebincom/gKXzU81v Dr Dos pastebincom/xxm

https://github.com/joos-storage-sec/attacks

Уязвимости и атаки на информационные системы

attacks Уязвимости и атаки на информационные системы Исследование сетей Первым этапом любой атаки является исследование (exploration, разведка) атакуемой системы Основные задачи исследования сети: построение топо

https://github.com/iciamyplant/ctf

I hacked my own webcam from a Kali Linux VM in my local network, using Ettercap to do the MiTM ARP poisoning attack, sniffing with Wireshark, and using metasploit

plan I - Linux Fundamentals Les utilisateurs et les droits Installer des programmes avec apt-get Surveiller l'activité du système Exécuter des programmes en arrière-plan La connexion sécurisée à distance avec SSH Analyser le réseau et filtrer le trafic avec un pare-feu II - Network Fundamentals OSI Model 1 Couche

https://github.com/MNCanyon/Mind_help

Config files for my GitHub profile.

plan I - Linux Fundamentals Les utilisateurs et les droits Installer des programmes avec apt-get Surveiller l'activité du système Exécuter des programmes en arrière-plan La connexion sécurisée à distance avec SSH Analyser le réseau et filtrer le trafic avec un pare-feu II - Network Fundamentals OSI Model 1 Couche

https://github.com/warmilk/http-Dos-Attack-Detection

apache http dos 漏洞复现,以及漏洞检测

DoS 漏洞复现 + 基于机器学习的 DoS 攻击检测器 准备好复现漏洞的环境 客户端(windows 或 Linux 主机任意) 服务端(Linux主机一台。下文使用 Ubuntu) 步骤一:服务端主机安装 Apache2 sudo apt update sudo apt install apache2 apache2 -version 步骤二:服务端主机需自定义 Apache 日志文件存放路径 需要自

Recent Articles

Oracle rushes out emergency Apache DoS patch
The Register • John Leyden • 19 Sep 2011

Sysadmins shouldn't hang about with this one...

Oracle broke with tradition with the publication of an unscheduled security update last weekend. The fix – which addresses a DoS vulnerability in its Apache web server software – represents only the fifth time that Oracle has published a security fix outside the quarterly patch update batch it began at the start of 2005, net security firm Sophos notes. More specifically the patch provides an updated Apache web server, httpd, to Oracle's Fusion Middleware and Application Server products. The ...

Read more...
Oracle Out of Cycle Apache Patch – CVE-2011-3192
Securelist • Kurt Baumgartner • 16 Sep 2011

Webmasters, mainly corporate sysadmin and dev teams, need to pay attention to today’s Oracle CPU, impacting Oracle Fusion Middleware, Oracle Application Server, and Oracle Enterprise Manager. This stuff is commonly deployed in the enterprise. Sysadmins should be aware that CVE-2011-3192 is only known to enable DoS attacks: “The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU ...

Read more...
Apache squashes 'devastating' bug under attack
The Register • Dan Goodin • 30 Aug 2011

Byte range vuln exposed servers to crippling DoS exploit

Maintainers of the open-source Apache webserver have fixed a severe weakness that attackers are exploiting to crash websites. Flaws in Apache's HTTP daemon made it easy to crash servers using publicly available software released last week. The bugs in the way the HTTPD processed multiple web requests that involved overlapping byte ranges allowed attackers to overwhelm servers by sending them a modest amount of traffic. An advisory on Apache's website said the bug, formally known as CVE-2011-3192...

Read more...

References

CWE-400http://www.exploit-db.com/exploits/17696http://secunia.com/advisories/45606https://bugzilla.redhat.com/show_bug.cgi?id=732928http://archives.neohapsis.com/archives/fulldisclosure/2011-08/0285.htmlhttps://issues.apache.org/bugzilla/show_bug.cgi?id=51714http://www.gossamer-threads.com/lists/apache/dev/401638http://securitytracker.com/id?1025960http://seclists.org/fulldisclosure/2011/Aug/175http://www.securityfocus.com/bid/49303http://osvdb.org/74721http://blogs.oracle.com/security/entry/security_alert_for_cve_2011http://www.ubuntu.com/usn/USN-1199-1http://www.redhat.com/support/errata/RHSA-2011-1294.htmlhttp://www.apache.org/dist/httpd/Announcement2.2.htmlhttp://secunia.com/advisories/46000http://www.mandriva.com/security/advisories?name=MDVSA-2011:130http://www.oracle.com/technetwork/topics/security/alert-cve-2011-3192-485304.htmlhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080b90d73.shtmlhttp://secunia.com/advisories/45937http://www.redhat.com/support/errata/RHSA-2011-1245.htmlhttp://www.redhat.com/support/errata/RHSA-2011-1300.htmlhttp://secunia.com/advisories/46126http://www.kb.cert.org/vuls/id/405811http://www.redhat.com/support/errata/RHSA-2011-1330.htmlhttp://secunia.com/advisories/46125http://www.redhat.com/support/errata/RHSA-2011-1329.htmlhttp://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.htmlhttp://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.htmlhttp://support.apple.com/kb/HT5002http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00009.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-09/msg00006.htmlhttp://marc.info/?l=bugtraq&m=131551295528105&w=2http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00011.htmlhttp://marc.info/?l=bugtraq&m=131731002122529&w=2http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00010.htmlhttp://www.redhat.com/support/errata/RHSA-2011-1369.htmlhttp://marc.info/?l=bugtraq&m=132033751509019&w=2http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00008.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2012-366304.htmlhttp://www.oracle.com/technetwork/topics/security/cpujul2012-392727.htmlhttp://marc.info/?l=bugtraq&m=134987041210674&w=2http://www.mandriva.com/security/advisories?name=MDVSA-2013:150http://marc.info/?l=bugtraq&m=133951357207000&w=2http://marc.info/?l=bugtraq&m=133477473521382&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/69396https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18827https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14824https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14762https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0http://mail-archives.apache.org/mod_mbox/httpd-dev/201108.mbox/%3cCAAPSnn2PO-d-C4nQt_TES2RRWiZr7urefhTKPWBC1b+K1Dqc7g%40mail.gmail.com%3ehttp://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110824161640.122D387DD%40minotaur.apache.org%3ehttps://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3Ehttps://access.redhat.com/errata/RHSA-2012:0542https://usn.ubuntu.com/1199-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/18221/http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110830-apachehttps://www.kb.cert.org/vuls/id/405811
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook