Apache HTTPD Ranges Header Field Denial of Service (CVE-2011-3192)
| Check Point Reference: | CPAI-2011-402 | |
| Date Published: | ||
| Severity: | ||
| Source: | Secunia Advisory: 45606 | |
| Industry Reference(s): | CVE-2011-3192 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Apache Software Foundation HTTP Server all versions | ||
| Vulnerability Description A denial of service vulnerability has been reported in Apache httpd server. A remote attacker may exploit this vulnerability to cause a DoS condition in an affected server. |
||
|
Update/Patch Available Apply patches from the vendor's website |
|
|
Vulnerability Details The vulnerability is due to an error in Apache's http server while handling requests with malformed Range header values. A remote attacker could exploit this vulnerability by sending a series of specially crafted HTTP requests to a vulnerable server. Successful exploitation may cause the server to become unresponsive, resulting in a denial of service condition. |
Protection Overview
This protection will detect and block attempts to transfer malicious requests to the server.
In order for the protection to be activated, update your Security Gateway/VPN-1 product to the latest IPS/SmartDefense update. For information on how to update IPS/SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.