Description
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
Report
Before updated packages are deployed, users can deploy configuration changes to mitigate this flaw: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3192#c18
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Directory Server 8 | httpd | Affected | | |
| JBEWS 1.0 for RHEL 4 | httpd22 | Fixed | RHSA-2011:1329 | 21.09.2011 |
| Red Hat Enterprise Linux 3 Extended Lifecycle Support | httpd | Fixed | RHSA-2011:1300 | 15.09.2011 |
| Red Hat Enterprise Linux 4 | httpd | Fixed | RHSA-2011:1245 | 31.08.2011 |
| Red Hat Enterprise Linux 5 | httpd | Fixed | RHSA-2011:1245 | 31.08.2011 |
| Red Hat Enterprise Linux 5 | httpd | Fixed | RHSA-2011:1294 | 14.09.2011 |
| Red Hat Enterprise Linux 5.3 Long Life | httpd | Fixed | RHSA-2011:1294 | 14.09.2011 |
| Red Hat Enterprise Linux 6 | httpd | Fixed | RHSA-2011:1245 | 31.08.2011 |
| Red Hat Enterprise Linux 6.0 EUS - Server Only | httpd | Fixed | RHSA-2011:1294 | 14.09.2011 |
| Red Hat JBoss Enterprise Web Server 1 for RHEL 5 | httpd | Fixed | RHSA-2011:1329 | 21.09.2011 |
Additional information
Status:
EPSS
5 Medium
CVSS2