Published: 2011-08-31T22:04+00:00
Last Updated: 2011-08-31T22:04+00:00
JVNTR-2011-05
Apache HTTPD 1.3/2.x Range header DoS vulnerability (CVE-2011-3192, JVNVU#405811)
Overview
Apache HTTPD server contains a denial-of-service vulnerability in the way multiple overlapping ranges are handled.
Event Information
| Date (UTC) | Description |
| 2011-09-01 11:54 |
Apache Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x (CVE-2011-3192) Security Advisory (UPDATE 3 - FINAL) published. Apache 2.0 - all versions prior to 2.2.20 are vulnerable. Apache 1.3 is NOT vulnerable. |
| 2011-08-31 05:42 |
JPCERT/CC JPCERT-AT-2011-0023: Apache HTTP Server DoS Vulnerability Public notification for "Security Update (Apache HTTP Server 2.2.20)". |
| 2011-08-30 18:07 |
Apache Fixed in Apache httpd 2.2.20 Security Update released.: Apache HTTP Server 2.2.20 |
| 2011-08-26 10:35 |
Apache Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x (CVE-2011-3192) Security Advisory (UPDATE 2) published. In addition to the 'Range' header - the 'Range-Request' header is equally affected. |
| 2011-08-26 |
US-CERT VU#405811: Apache HTTPD 1.3/2.x Range header DoS vulnerability Public notification for "Security Advisory (Apache HTTPD Security Advisory Update 2)". |
| 2011-08-24 16:16 |
Apache Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x (CVE-2011-3192) Security Advisory published Apache 1.3 all versions and Apache 2 all versions are vulnerable. |
| 2011-08-19 22:23 |
Full-disclosure Apache Killer Vulnerability proof-of-concept code posted to Mailing List. |
Other Information
| CVE |
CVE-2011-3192 |