SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Web Server/CGI)  >   Apache Vendors:   Apache Software Foundation
Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
SecurityTracker Alert ID:  1025960
SecurityTracker URL:  http://securitytracker.com/id/1025960
CVE Reference:   CVE-2011-3192   (Links to External Site)
Updated:  Sep 2 2011
Original Entry Date:  Aug 22 2011
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  

Description:   A vulnerability was reported in Apache. A remote user can cause denial of service conditions.

A remote user can send specially crafted requests to cause the HTTP byterange filter code to consume excessive memory on the target system. This may cause the target system to become unstable.

The 'Range' and 'Range-Request' headers are affected.

This vulnerability is being actively exploited.

A demonstration exploit is available at:

http://www.exploit-db.com/exploits/17696/

Kingcope reported this vulnerability.

Impact:   A remote user can cause the target system to become unstable.
Solution:   The vendor has issued a fix (2.2.20).

The vendor's advisories are available at:

http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3C20110826103531.998348F82@minotaur.apache.org%3E

http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3C20110824161640.122D387DD@minotaur.apache.org%3E

Vendor URL:  httpd.apache.org/ (Links to External Site)
Cause:   Resource error
Underlying OS:   Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Aug 30 2011 (Cisco Issues Fix for NX-OS) Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service   (Cisco Systems Product Security Incident Response Team <psirt@cisco.com>)
Cisco has issued a fix for NX-OS.
Aug 30 2011 (Cisco TelePresence VCS is Affected) Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service   (Cisco Systems Product Security Incident Response Team <psirt@cisco.com>)
Cisco TelePresence Video Communication Server is affected.
Aug 30 2011 (Cisco Wireless Control System is Affected) Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service   (Cisco Systems Product Security Incident Response Team <psirt@cisco.com>)
Cisco Wireless Control System is affected.
Sep 1 2011 (Red Hat Issues Fix) Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service   (bugzilla@redhat.com)
Red Hat has issued a fix for Red Hat Enterprise Linux 4, 5, and 6.
Sep 2 2011 (IBM Issues Fix for IBM HTTP Server) Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
IBM has issued a fix for IBM HTTP Server for OS/400.
Sep 7 2011 (IBM Issues Fix for IBM HTTP Server) Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
IBM has issued a fix for IBM HTTP Server for OS/400.
Sep 8 2011 (HP Issues Fix for HP-UX) Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
HP has issued a fix for HP-UX 11.23 and 11.31.
Sep 14 2011 (Red Hat Issues Fix) Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service   (bugzilla@redhat.com)
Red Hat has issued a fix for RHEL 5.3 Long Life, 5.6 Extended Update Support, and 6.0 Extended Update Support.
Sep 16 2011 (Red Hat Issues Fix) Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service   (bugzilla@redhat.com)
Red Hat has issued a fix for Red Hat Enterprise Linux 3 Extended Life Cycle Support.
Sep 19 2011 (Oracle Issues Fix for Oracle Fusion Middleware) Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
Oracle has issued a fix for Oracle Fusion Middleware.
Sep 19 2011 (Oracle Issues Fix for Oracle Application Server) Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
Oracle has issued a fix for Oracle Application Server.
Sep 21 2011 (Red Hat Issues Fix for JBoss Enterprise Web Server) Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service   (bugzilla@redhat.com)
Red Hat has issued a fix for JBoss Enterprise Web Server for Red Hat Enterprise Linux 4, 5, and 6.
Sep 27 2011 (HP Issues Fix for HP-UX) Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
HP has issued a fix for HP-UX 11.23 and 11.31.
Oct 13 2011 (Red Hat Issues Fix) Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service   (bugzilla@redhat.com)
Red Hat has issued a fix for Red Hat Application Stack.
Oct 18 2011 (Oracle Issues Fix for Oracle HTTP Server) Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
Oracle has issued a fix for Oracle HTTP Server.
Oct 21 2011 (Check Point Issues Fix for Connectra) Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
Check Point has issued a fix for Connectra.
Oct 21 2011 (Check Point Issues Fix for Check Point Endpoint Security) Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
Check Point has issued a fix for Check Point Endpoint Security.
Nov 3 2011 (HP Issues Fix for HP OpenView Network Node Manager) Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
HP has issued a fix for HP OpenView Network Node Manager.
Jan 11 2012 (F5 Issues Fix for BIG-IP) Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
F5 has issued a fix for BIG-IP.
Jan 18 2012 (Oracle Issues Fix for Oracle Supply Chain Products Suite) Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
Oracle has issued a fix for Oracle Supply Chain Products Suite.
Apr 18 2012 (HP Issues Fix for HP Onboard Administrator) Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
HP has issued a fix for HP Onboard Administrator.
Jul 18 2012 (Oracle Issues Fix for Oracle Secure Backup) Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
Oracle has issued a fix for Oracle Secure Backup.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC