Mandriva Linux Security Advisory 2011-130 - The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
65813d8810f717cfb790b8d71e3c30ad847dcc9f46ff8eb9bb3fb534db0fe7e6
Ubuntu Security Notice 1199-1 - A flaw was discovered in the byterange filter in Apache. A remote attacker could exploit this to cause a denial of service via resource exhaustion.
cef3d693fcffc7191f3c28c86664259bbdec3631aeb9935fbdd7c0d9e012da89
Red Hat Security Advisory 2011-1245-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
9d358eee0137bcb55329f07523ac5c813ec3f38675b434ed0acc12412b497c7e
Cisco Security Advisory - The Apache HTTPd server contains a denial of service vulnerability when it handles multiple, overlapping ranges. Multiple Cisco products may be affected by this vulnerability. Mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Intelligence companion document listed in this advisory.
e3f873ef74fc9699c6df741f380df175d71fa69b431831e573d3f294b6c86326
Debian Linux Security Advisory 2298-1 - Two issues have been found in the Apache HTTPD web server.
6e9061b65381e052868f049909e87b71f3eed7d315e49b4ef1507f8c11074dbc
A denial of service vulnerability has been found in the way multiple overlapping ranges are handled by the Apache HTTPd server. Both the 1.3 and 2.x releases are affected. An attack tool is circulating in the wild. Active use of this tool has been observed. The attack can be done remotely and, with a modest number of requests, can cause very significant memory and CPU usage on the server.
5d5a40e4d8f57c587755cd3f5ff822e2259dd225fa37f5f99b5edcce51cf091d
A denial of service vulnerability has been found in the way multiple overlapping ranges are handled by the Apache HTTPd server. Both the 1.3 and 2.x releases are affected. An attack tool is circulating in the wild. Active use of this tool has been observed. The attack can be done remotely and, with a modest number of requests, can cause very significant memory and CPU usage on the server.
a9690ce85ab38ad4c6cee06d55ad11d445eea51f1cdb17fcbcf5b56233597938