CVE-2011-3192 in Ubuntu

CVE-2011-3192

Priority

Medium

Description

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64,
and 2.2.x through 2.2.19 allows remote attackers to cause a denial of
service (memory and CPU consumption) via a Range header that expresses
multiple overlapping ranges, as exploited in the wild in August 2011, a
different vulnerability than CVE-2007-0086.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
http://marc.info/?t=131379269200002&r=1&w=2
http://marc.info/?t=131409787700005&r=1&w=2
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639825
http://marc.info/?l=apache-httpd-dev&m=131473034627316&w=2
https://usn.ubuntu.com/usn/usn-1199-1

Notes

jdstrand> regression on streaming videos from apache in Debian Bug #639825
sbeattie> am unable to reproduce the streaming videos regression with
sbeattie> mplayer from oneiric/amd64, natty/amd64, maverick/i386 and
sbeattie> hardy/amd64 against a maverick/i386 server with the pending
sbeattie> apache update installed.

Assigned-to

sbeattie

Package

Source: apache2 (LP Ubuntu Debian)

Upstream:

released (2.2.20-1)

Patches:

Vendor:	http://www.debian.org/security/2011/dsa-2298
Debian:	http://anonscm.debian.org/viewvc/pkg-apache/trunk/apache2/patches/083_CVE-2011-3192.dpatch?view=markup

More Information

Updated: 2017-12-15 20:29:29 UTC (commit 13913)