CVE-2011-3192

Public on 2011-08-29
Modified on 2014-09-14
Description
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
Severity
Important severity
Important
CVSS v3 Base Score
5.0
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 httpd 2011-09-27 ALAS-2011-1 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P
NVD CVSSv2 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C