CVE-2011-3192

Priority
Medium
Description
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64,
and 2.2.x through 2.2.19 allows remote attackers to cause a denial of
service (memory and CPU consumption) via a Range header that expresses
multiple overlapping ranges, as exploited in the wild in August 2011, a
different vulnerability than CVE-2007-0086.
References
Notes
jdstrand> regression on streaming videos from apache in Debian Bug #639825
sbeattie> am unable to reproduce the streaming videos regression with
sbeattie> mplayer from oneiric/amd64, natty/amd64, maverick/i386 and
sbeattie> hardy/amd64 against a maverick/i386 server with the pending
sbeattie> apache update installed.
Assigned-to
sbeattie
Package
Upstream: released (2.2.20-1)
Ubuntu 8.04 LTS (Hardy Heron): released (2.2.8-1ubuntu0.21)
Ubuntu 10.04 LTS (Lucid Lynx): released (2.2.14-5ubuntu8.6)
Ubuntu 11.04 (Natty Narwhal): released (2.2.17-1ubuntu1.2)
Ubuntu 11.10 (Oneiric Ocelot): released (2.2.20-1ubuntu1)
Patches:
Vendor: http://www.debian.org/security/2011/dsa-2298
Debian: http://anonscm.debian.org/viewvc/pkg-apache/trunk/apache2/patches/083_CVE-2011-3192.dpatch?view=markup
More Information

Updated: 2012-06-01 15:22:23 UTC (commit 5347)