Computer Security


Multiple HTTP servers DoS
updated since 27.08.2011
Published: 20.10.2011
Source:
SecurityVulns ID: 11880
Type: remote
Threat Level: 8/10
Description: Range: header processing can lead to memory exhaustion.
Affected: APACHE : Apache 1.3
 APACHE : Apache 2.0
 APACHE : Apache 2.2
CVE: CVE-2011-3348 (The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.)
 CVE-2011-3192 (The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.)
Original document: CISCO, Cisco Security Advisory: Apache HTTPd Range Header Denial of Service Vulnerability (30.08.2011)
 Xianuro GL, HTTPKiller - (Global HTTP DoS) (27.08.2011)
 Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x (CVE-2011-3192) (27.08.2011)
Files: HTTPKiller - FHTTP Kit by Xianur0
 Apache httpd Remote Denial of Service (memory exhaustion)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod