Apache Range Header DoS (CVE-2011-3192)

Type: Active Scan

Risk: Medium

Description

The byterange filter in earlier versions of the Apache HTTP Server allows remote attackers to cause a denial of service (memory and CPU exhaustion) via a Range request header that identifies multiple overlapping ranges. This issue was exploited in the wild in August 2011.
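The pattern described above can be checked for in a request filter or during log review. The following is an added example, not part of the original alert or of any Apache or scanner code: it resolves a `Range` header against a known resource size and flags overlapping or excessive ranges. The names `resolve_ranges`, `assess_range_header` and the `MAX_RANGES` threshold are assumptions chosen for illustration.

```python
import re

MAX_RANGES = 5  # assumed policy threshold, not a value from the alert text
_SPEC = re.compile(r"^(\d*)-(\d*)$")


def resolve_ranges(header, size):
    """Resolve a Range header value against a resource of `size` bytes.

    Returns a list of inclusive (start, end) pairs, or None if malformed."""
    unit, _, specs = header.partition("=")
    if unit.strip().lower() != "bytes":
        return None
    resolved = []
    for spec in specs.split(","):
        m = _SPEC.match(spec.strip())
        if not m or m.group(1) == m.group(2) == "":
            return None
        first, last = m.groups()
        if first == "":  # suffix form "-N": the last N bytes
            start, end = max(size - int(last), 0), size - 1
        else:
            start = int(first)
            if last and int(last) < start:
                return None  # last-byte-pos below first-byte-pos is invalid
            end = min(int(last), size - 1) if last else size - 1
        if start <= end:  # ranges past the end of the resource are dropped
            resolved.append((start, end))
    return resolved


def assess_range_header(header, size):
    """Report range count, overlap, and whether the header should be flagged."""
    ranges = resolve_ranges(header, size)
    if ranges is None:
        return {"valid": False, "count": 0, "overlapping": False, "flag": False}
    overlapping, max_end = False, -1
    for start, end in sorted(ranges):
        if start <= max_end:  # begins inside a range already seen
            overlapping = True
        max_end = max(max_end, end)
    flag = overlapping or len(ranges) > MAX_RANGES
    return {"valid": True, "count": len(ranges),
            "overlapping": overlapping, "flag": flag}
```

Malformed headers are reported as `valid: False` and left unflagged here; how to treat them is a separate policy decision.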

Solution

Upgrade your Apache server to a currently stable version. Alternative solutions or workarounds are outlined in the references.

References

CWE: 400

WASC: 10

Last updated: 2020-04-30 16:12:39.623Z