← volver
CVE-2011-3192

CVE-2011-3192

EPSS 98.9%
Vexday Risk Score
60Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS EPSS 98.9%KEV nãoPoC públicaNuclei Metasploit simPatch referenciado
Ciclo de vida
19 ago 2011Exploit Metasploit disponible
19 ago 2011PoC pública
29 ago 2011Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
Productos afectados
n/a · n/a
PoCs públicas encontradas6
githubgithub.com/tkisason/KillApachePy16githubgithub.com/stcmjp/cve-2011-31920githubgithub.com/futurezayka/CVE-2011-31920cve_referencewww.exploit-db.com/exploits/17696no verificadoexploitdbwww.exploit-db.com/exploits/18221no verificadoexploitdbwww.exploit-db.com/exploits/17696no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://archives.neohapsis.com/archives/fulldisclosure/2011-08/0285.htmlhttp://blogs.oracle.com/security/entry/security_alert_for_cve_2011http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-09/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-09/msg00009.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-09/msg00010.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-09/msg00011.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-11/msg00008.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.htmlhttp://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110824161640.122D387DD%40minotaur.apache.org%3ehttp://mail-archives.apache.org/mod_mbox/httpd-dev/201108.mbox/%3cCAAPSnn2PO-d-C4nQt_TES2RRWiZr7urefhTKPWBC1b+K1Dqc7g%40mail.gmail.com%3ehttp://marc.info/?l=bugtraq&m=131551295528105&w=2