RedHat Update For Httpd RHSA-2011:1294-01 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. (CVE-2011-3192) All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

Affected

httpd on Red Hat Enterprise Linux (v. 5 server)

References

https://www.redhat.com/archives/rhsa-announce/2011-September/msg00017.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-3192
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

RedHat Security Advisory RHSA-2009:0457
RedHat Security Advisory RHSA-2009:0392
RedHat Security Advisory RHSA-2009:0427
RedHat Security Advisory RHSA-2009:1125
RedHat Security Advisory RHSA-2009:1081

RedHat Update for httpd RHSA-2011:1294-01

Take action and discover your vulnerabilities