Details
Alert Id: 10053
Alert Type: Active
Status: deprecated
Risk: Medium
CWE: 400
WASC: 10
Tags

Summary

The byterange filter in earlier versions of the Apache HTTP Server allows remote attackers to cause a denial of service (memory and CPU exhaustion) via a Range request header that identifies multiple overlapping ranges. This issue was exploited in the wild in August 2011.
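A defender-side check for the header pattern described above, as an added example that is not part of the original alert page or of ZAP: it parses a Range header value and flags requests carrying many or overlapping byte ranges. The function names, thresholds and sample values are assumptions made for this example.

```python
import re

# Assumed policy thresholds for this example (not taken from the page or from ZAP).
MAX_RANGES = 10        # more ranges than this in one request is flagged
MAX_OVERLAPPING = 1    # more overlapping ranges than this is flagged
INF = float("inf")
_SPEC = re.compile(r"(\d*)-(\d*)")

def parse_ranges(header):
    """Return [(first, last), ...] for a bytes Range value, or None if invalid."""
    unit, sep, specs = header.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    ranges = []
    for spec in (s.strip() for s in specs.split(",")):
        if not spec:
            continue                      # empty list elements are tolerated
        m = _SPEC.fullmatch(spec)
        if not m or m.group(0) == "-":
            return None
        first, last = m.groups()
        if first == "":                   # suffix range "-N": the last N bytes
            ranges.append((INF, INF))     # treated as touching the end of the file
        elif last == "":                  # open-ended range "N-"
            ranges.append((int(first), INF))
        elif int(first) <= int(last):
            ranges.append((int(first), int(last)))
        else:
            return None                   # last < first is not a valid range
    return ranges or None

def assess(header):
    """Count ranges and how many of them overlap a lower-starting range."""
    ranges = parse_ranges(header)
    if ranges is None:
        return {"verdict": "invalid", "count": 0, "overlapping": 0}
    overlapping, max_end = 0, -1
    for first, last in sorted(ranges):
        if first <= max_end:              # starts inside something already covered
            overlapping += 1
        max_end = max(max_end, last)
    bad = len(ranges) > MAX_RANGES or overlapping > MAX_OVERLAPPING
    return {"verdict": "suspicious" if bad else "ok",
            "count": len(ranges), "overlapping": overlapping}

# Constructed sample values, not captured traffic.
SAMPLES = ["bytes=0-499", "bytes=0-99,200-299",
           "bytes=0-," + ",".join(f"5-{i}" for i in range(5, 30))]

if __name__ == "__main__":
    for value in SAMPLES:
        print(value[:40], assess(value))
```

Because suffix ranges depend on the file size, the check conservatively counts them as overlapping any open-ended or other suffix range.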

Deprecated: 2020-06-13

Produced too many false positives and is no longer relevant.

Solution

Upgrade your Apache server to a currently stable version. Alternative solutions or workarounds are outlined in the references.

References

Code