| Details | |
|---|---|
| Alert ID | 10053 |
| Alert Type | Active |
| Status | deprecated |
| Risk | Medium |
| CWE | 400 |
| WASC | 10 |
| Technologies Targeted | All |
| Tags | |
Summary
The byterange filter in earlier versions of the Apache HTTP Server allows remote attackers to cause a denial of service (memory and CPU exhaustion) via a Range request header that identifies multiple overlapping ranges. This issue was exploited in the wild in August 2011.
Deprecated: 2020-06-13
Produced too many false positives and is no longer relevant.
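The condition described in the summary, a Range header naming multiple overlapping ranges, can be checked on the defensive side when reviewing request logs or in a request filter. The following is an added example, not code from the scan rule or from Apache; the function names, the `MAX_RANGES` threshold and the sample header are assumptions, and the resource length is supplied by the caller.

```python
import re

_SPEC = re.compile(r"^(\d{0,18})-(\d{0,18})$")  # "first-last", "first-", "-suffix"
MAX_RANGES = 5                                  # assumed threshold; tune per site
# Constructed sample header for illustration, not taken from real traffic.
SAMPLE = "bytes=0-9,5-14,0-19,10-29,0-,5-"


def parse_ranges(header, length):
    """Resolve a Range header value into (start, end) byte pairs for a
    resource of `length` bytes; [] for other units or malformed values."""
    unit, sep, specs = header.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return []
    out = []
    for spec in specs.split(","):
        m = _SPEC.match(spec.strip())
        if not m or m.groups() == ("", ""):
            return []
        first, last = m.groups()
        if first == "":                       # suffix form: last N bytes
            start, end = max(length - int(last), 0), length - 1
        else:
            start = int(first)
            end = min(int(last), length - 1) if last else length - 1
        if start <= end:                      # skip unsatisfiable ranges
            out.append((start, end))
    return out


def count_overlaps(ranges):
    """Count ranges that overlap one starting at or before them."""
    overlaps, reach = 0, -1
    for start, end in sorted(ranges):
        if start <= reach:
            overlaps += 1
        reach = max(reach, end)
    return overlaps


def assess(header, length, max_ranges=MAX_RANGES):
    """Summarise a Range header; flag many ranges that also overlap."""
    ranges = parse_ranges(header, length)
    overlaps = count_overlaps(ranges)
    requested = sum(end - start + 1 for start, end in ranges)
    return {"ranges": len(ranges), "overlaps": overlaps,
            "amplification": requested / length if length else 0.0,
            "flag": len(ranges) > max_ranges and overlaps > 0}
```

Requiring both a high range count and an overlap keeps ordinary multi-range requests, such as those from download managers and PDF viewers, from being flagged.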
Solution
Upgrade your Apache server to a currently stable version. Alternative solutions or workarounds are outlined in the references.
References
- https://httpd.apache.org/security/CVE-2011-3192.txt
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3192