Apache Range Header DoS (CVE-2011-3192)

Type: Active Scan

Risk: Medium


The byterange filter in earlier versions of the Apache HTTP Server allows remote attackers to cause a denial of service (memory and CPU exhaustion) via a Range request header that identifies multiple overlapping ranges. This issue was exploited in the wild in August 2011.


Upgrade your Apache server to a currently stable version. Alternative solutions or workarounds are outlined in the references.


CWE: 400

WASC: 10


Last updated: 2020-04-30 16:12:39.623Z