CVE-2011-3192
CVE-2011-3192
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
Produtos afetados
n/a · n/aPoCs públicas encontradas — 6
githubgithub.com/tkisason/KillApachePy★ 16githubgithub.com/stcmjp/cve-2011-3192★ 0githubgithub.com/futurezayka/CVE-2011-3192★ 0cve_referencewww.exploit-db.com/exploits/17696não verificadoexploitdbwww.exploit-db.com/exploits/18221não verificadoexploitdbwww.exploit-db.com/exploits/17696não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://archives.neohapsis.com/archives/fulldisclosure/2011-08/0285.htmlhttp://blogs.oracle.com/security/entry/security_alert_for_cve_2011http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-09/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-09/msg00009.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-09/msg00010.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-09/msg00011.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-11/msg00008.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.htmlhttp://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110824161640.122D387DD%40minotaur.apache.org%3ehttp://mail-archives.apache.org/mod_mbox/httpd-dev/201108.mbox/%3cCAAPSnn2PO-d-C4nQt_TES2RRWiZr7urefhTKPWBC1b+K1Dqc7g%40mail.gmail.com%3ehttp://marc.info/?l=bugtraq&m=131551295528105&w=2