Test ID:	1.3.6.1.4.1.25623.1.0.901203
Category:	Denial of Service
Title:	Apache HTTP Server Range Header DoS Vulnerability
Summary:	Apache HTTP Server is prone to a denial of service (DoS) vulnerability.
Description:	Summary: Apache HTTP Server is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: The flaw is caused the way Apache httpd web server handles certain requests with multiple overlapping ranges, which causes significant memory and CPU usage on the server leading to application crash and system can become unstable. Vulnerability Impact: Successful exploitation will let the remote unauthenticated attackers to cause a DoS. Affected Software/OS: Apache HTTP Server 1.3.x, 2.0.x through 2.0.64 and 2.2.x through 2.2.19. The vulnerable version of Apache HTTP Server is also known to be used in GIGAPOD file servers provided by TripodWorks. Solution: Update to version 2.0.65, 2.2.20 or later. For older versions please see the references for a fix to mitigate this issue. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3192 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html BugTraq ID: 49303 http://www.securityfocus.com/bid/49303 CERT/CC vulnerability note: VU#405811 http://www.kb.cert.org/vuls/id/405811 Cisco Security Advisory: 20110830 Apache HTTPd Range Header Denial of Service Vulnerability http://www.cisco.com/en/US/products/products_security_advisory09186a0080b90d73.shtml http://www.exploit-db.com/exploits/17696 http://seclists.org/fulldisclosure/2011/Aug/175 http://archives.neohapsis.com/archives/fulldisclosure/2011-08/0285.html HPdes Security Advisory: HPSBMU02704 http://marc.info/?l=bugtraq&m=132033751509019&w=2 HPdes Security Advisory: HPSBMU02766 http://marc.info/?l=bugtraq&m=133477473521382&w=2 HPdes Security Advisory: HPSBMU02776 http://marc.info/?l=bugtraq&m=133951357207000&w=2 HPdes Security Advisory: HPSBOV02822 http://marc.info/?l=bugtraq&m=134987041210674&w=2 HPdes Security Advisory: HPSBUX02702 http://marc.info/?l=bugtraq&m=131551295528105&w=2 HPdes Security Advisory: HPSBUX02707 http://marc.info/?l=bugtraq&m=131731002122529&w=2 HPdes Security Advisory: SSRT100606 HPdes Security Advisory: SSRT100619 HPdes Security Advisory: SSRT100624 HPdes Security Advisory: SSRT100626 HPdes Security Advisory: SSRT100852 HPdes Security Advisory: SSRT100966 http://www.mandriva.com/security/advisories?name=MDVSA-2011:130 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110824161640.122D387DD@minotaur.apache.org%3e http://mail-archives.apache.org/mod_mbox/httpd-dev/201108.mbox/%3cCAAPSnn2PO-d-C4nQt_TES2RRWiZr7urefhTKPWBC1b+K1Dqc7g@mail.gmail.com%3e https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E http://osvdb.org/74721 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14762 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14824 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18827 http://www.redhat.com/support/errata/RHSA-2011-1245.html http://www.redhat.com/support/errata/RHSA-2011-1294.html http://www.redhat.com/support/errata/RHSA-2011-1300.html http://www.redhat.com/support/errata/RHSA-2011-1329.html http://www.redhat.com/support/errata/RHSA-2011-1330.html http://www.redhat.com/support/errata/RHSA-2011-1369.html http://securitytracker.com/id?1025960 http://secunia.com/advisories/45606 http://secunia.com/advisories/45937 http://secunia.com/advisories/46000 http://secunia.com/advisories/46125 http://secunia.com/advisories/46126 SuSE Security Announcement: SUSE-SU-2011:1000 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00009.html SuSE Security Announcement: SUSE-SU-2011:1007 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00010.html SuSE Security Announcement: SUSE-SU-2011:1010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00011.html SuSE Security Announcement: SUSE-SU-2011:1216 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00008.html SuSE Security Announcement: SUSE-SU-2011:1229 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html SuSE Security Announcement: openSUSE-SU-2011:0993 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00006.html http://www.ubuntu.com/usn/USN-1199-1 XForce ISS Database: apache-http-byterange-dos(69396) https://exchange.xforce.ibmcloud.com/vulnerabilities/69396 Common Vulnerability Exposure (CVE) ID: CVE-2014-5329 https://jvn.jp/en/jp/JVN23809730/
Copyright	Copyright (C) 2011 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.