Description

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.

Remediation

References

CVE-2011-3192

Related Vulnerabilities

SharePoint Download of Code Without Integrity Check Vulnerability (CVE-2020-1210)

Apache HTTP Server Insertion of Sensitive Information into Log File Vulnerability (CVE-2001-1556)

WordPress Plugin Aspose PDF Exporter Arbitrary File Download (1.0)

Joomla! Core 1.0.x Multiple Unspecified Vulnerabilities (1.0.0 - 1.0.11)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-4025)

Severity

High

Classification

CVE-2011-3192 CWE-400

Tags

Missing Update Known Vulnerabilities