← back
CVE-2011-3192

CVE-2011-3192

EPSS 98.9%
Vexday Risk Score
60Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS EPSS 98.9%KEV nãoPoC públicaNuclei Metasploit simPatch referenciado
Lifecycle
19 Aug 2011Metasploit module available
19 Aug 2011Public PoC
29 Aug 2011Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
Affected products
n/a · n/a
public PoCs found6
githubgithub.com/tkisason/KillApachePy16githubgithub.com/stcmjp/cve-2011-31920githubgithub.com/futurezayka/CVE-2011-31920cve_referencewww.exploit-db.com/exploits/17696unverifiedexploitdbwww.exploit-db.com/exploits/18221unverifiedexploitdbwww.exploit-db.com/exploits/17696unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://archives.neohapsis.com/archives/fulldisclosure/2011-08/0285.htmlhttp://blogs.oracle.com/security/entry/security_alert_for_cve_2011http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-09/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-09/msg00009.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-09/msg00010.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-09/msg00011.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-11/msg00008.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.htmlhttp://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110824161640.122D387DD%40minotaur.apache.org%3ehttp://mail-archives.apache.org/mod_mbox/httpd-dev/201108.mbox/%3cCAAPSnn2PO-d-C4nQt_TES2RRWiZr7urefhTKPWBC1b+K1Dqc7g%40mail.gmail.com%3ehttp://marc.info/?l=bugtraq&m=131551295528105&w=2