PT-2011-1007 · Apache+2 · Apache Http Server+2

Kingcope · Published 2011-05-11 · Updated 2026-03-10 · CVE-2011-3192

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Apache HTTP Server versions 1.3.x through 2.0.64
Apache HTTP Server versions 2.2.x through 2.2.19

Description

The issue arises from the incorrect handling of HTTP requests with modified Range header content, leading to the device ceasing to respond to HTTP requests. Specifically, the byterange filter in the Apache HTTP Server allows remote attackers to cause a denial of service via a Range header that expresses multiple overlapping ranges. This has been exploited in the wild, resulting in memory and CPU consumption.

Recommendations

For Apache HTTP Server versions 1.3.x through 2.0.64, update to a version later than 2.0.64 to resolve the issue. For Apache HTTP Server versions 2.2.x through 2.2.19, update to a version later than 2.2.19 to resolve the issue. As a temporary workaround, consider restricting access to the Range header in HTTP requests to minimize the risk of exploitation.
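To support the workaround above, the following added example (not part of the original advisory, and not Apache's own code) resolves a Range header value against a resource size and flags requests with many or overlapping ranges, for use in log review or a filtering proxy. The function names and the `max_ranges=5` threshold are assumptions chosen for illustration.

```python
import re

_SPEC = re.compile(r"^\s*(\d*)\s*-\s*(\d*)\s*$")

def parse_byte_ranges(header, size):
    """Resolve a Range header value against a resource of `size` bytes.
    Returns inclusive (first, last) offsets, or None if the value is malformed."""
    unit, sep, specs = header.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    resolved = []
    for spec in specs.split(","):
        m = _SPEC.match(spec)
        if not m or not (m.group(1) or m.group(2)):
            return None
        first, last = m.groups()
        if first == "":                       # suffix form "-N": the last N bytes
            lo, hi = max(size - int(last), 0), size - 1
        else:
            lo = int(first)
            hi = min(int(last), size - 1) if last else size - 1
            if last and int(last) < lo:       # e.g. "500-100" is invalid
                return None
        if lo <= hi:                          # drop unsatisfiable specs
            resolved.append((lo, hi))
    return resolved

def assess_range_header(header, size, max_ranges=5):
    """Flag Range headers with many or overlapping ranges (thresholds are assumptions)."""
    ranges = parse_byte_ranges(header, size)
    if ranges is None:
        return {"valid": False, "count": 0, "overlaps": 0,
                "bytes_requested": 0, "suspicious": False}
    overlaps, furthest = 0, -1
    for lo, hi in sorted(ranges):
        if lo <= furthest:                    # starts inside an earlier range
            overlaps += 1
        furthest = max(furthest, hi)
    requested = sum(hi - lo + 1 for lo, hi in ranges)
    return {"valid": True, "count": len(ranges), "overlaps": overlaps,
            "bytes_requested": requested,
            "suspicious": len(ranges) > max_ranges or overlaps > 0}

if __name__ == "__main__":
    # Constructed sample header values, checked against a 1000-byte resource.
    for value in ("bytes=0-499", "bytes=-200", "bytes=0-99,50-149,0-199", "items=0-5"):
        print(value, assess_range_header(value, 1000))
```
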

Exploit

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related identifiers

APACHERANGECHECK
BDU:2014-00049
CVE-2011-3192
DSA-2298-1
ELSA-2011-1245
HPSBUX02702
HPSBUX02707
OPENSUSE-SU-2024:10268-1
RHSA-2011:1245
RHSA-2011:1294
RHSA-2011:1300
RHSA-2011:1329
RHSA-2011:1369
RHSA-2011_0507
RHSA-2011_1245
RHSA-2011_1294
RHSA-2011_1391

Affected products

Apache Http Server
Hp-Ux
Red Hat