Details
Alert Id: 10053
Alert Type: Active Scan Rule
Status: beta
Risk: Medium
CWE: 400
WASC: 10

Summary

The byterange filter in earlier versions of the Apache HTTP Server allows remote attackers to cause a denial of service (memory and CPU exhaustion) via a Range request header that identifies multiple overlapping ranges. This issue was exploited in the wild in August 2011.

Solution

Upgrade your Apache server to a currently stable version. Alternative solutions or workarounds are outlined in the references.
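As an added example that is not part of the ZAP rule or of the Apache project, the following Python check parses a Range request header and flags the pattern the summary describes (many byte ranges, or ranges that overlap), the kind of pre-filter a reverse proxy or WAF could apply in front of an unpatched server. The threshold, the assumed resource length and the sample headers are constructed for illustration.

```python
import re

# Constructed sample Range headers (not taken from the ZAP page).
BENIGN_RANGE = "bytes=0-499"                 # one range: ordinary partial GET
RESUME_RANGE = "bytes=500-999,1500-"         # two disjoint ranges: download resume
# Twenty ranges that all start at byte 0 and cover each other: the DoS pattern.
SUSPICIOUS_RANGE = "bytes=" + ",".join(f"0-{i}" for i in range(1, 21))

MAX_RANGES = 5  # assumed policy: legitimate clients rarely need more than this


def parse_ranges(header: str, length: int = 10_000) -> list[tuple[int, int]]:
    """Resolve a 'bytes=' header into absolute (start, end) pairs.

    `length` is the assumed resource size, needed for open-ended ("500-")
    and suffix ("-500") specs. Malformed input raises ValueError.
    """
    m = re.fullmatch(r"\s*bytes\s*=\s*(.+?)\s*", header)
    if not m:
        raise ValueError("not a bytes range header")
    ranges = []
    for spec in m.group(1).split(","):
        spec = spec.strip()
        rm = re.fullmatch(r"(\d*)-(\d*)", spec)
        if not rm or spec == "-":
            raise ValueError(f"malformed range spec: {spec!r}")
        first, last = rm.groups()
        if first == "":                      # "-N": the last N bytes
            start, end = max(length - int(last), 0), length - 1
        else:
            start = int(first)
            end = int(last) if last else length - 1
        ranges.append((start, end))
    return ranges


def overlapping_pairs(ranges: list[tuple[int, int]]) -> int:
    """Count pairs of ranges that share at least one byte."""
    ordered = sorted(ranges)  # sorted by start, so we can stop early
    count = 0
    for i, (_, e1) in enumerate(ordered):
        for s2, _ in ordered[i + 1:]:
            if s2 > e1:      # later ranges start even further right
                break
            count += 1
    return count


def is_suspicious(header: str, max_ranges: int = MAX_RANGES) -> bool:
    """True if the header is malformed, too long, or contains overlaps."""
    try:
        ranges = parse_ranges(header)
    except ValueError:
        return True
    return len(ranges) > max_ranges or overlapping_pairs(ranges) > 0
```

Adjacent ranges such as `bytes=0-99,100-199` do not overlap and pass; the check only rejects what a well-behaved client has no reason to send.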

References

Code

org/zaproxy/zap/extension/ascanrulesBeta/ApacheRangeHeaderDosScanRule.java