IBM Security Host Protection for Servers (Windows), Proventia Network IDS, Proventia-G 1.1 and earlier, Proventia Network MFS, RealSecure Network, RealSecure Server Sensor, Proventia Network IPS, IBM Security Host Protection for Desktops, IBM Security Host Protection for Servers (Unix), Proventia Server IPS for Linux technology, Virtual Server Protection for VMware:
This signature detects when the Range or Request-Range header of an HTTP request contains a byte range whose starting byte is greater than its ending byte.
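The condition this signature describes can be checked in a few lines. The following is an added example, not IBM's signature logic: it parses the Range and Request-Range headers of a raw request and reports every byte range whose start exceeds its end. The function names and the sample request are constructed for illustration.

```python
import re

# One byte-range-spec: "first-last", "first-" (open-ended) or "-suffix".
_SPEC = re.compile(r"^(\d*)-(\d*)$")
RANGE_HEADERS = {"range", "request-range"}

# Constructed sample request: one well-formed range, one inverted range,
# one suffix range and one open-ended range.
SAMPLE = (
    "GET /index.html HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "Range: bytes=0-499,500-100,-200,9-\r\n"
    "\r\n"
)

def inverted_ranges(value):
    """Return (first, last) pairs from a Range value where first > last."""
    unit, sep, specs = value.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return []  # not a bytes range set; nothing to compare
    hits = []
    for spec in specs.split(","):
        m = _SPEC.match(spec.strip())
        if not m:
            continue  # malformed spec: outside what this check looks for
        first, last = m.groups()
        # Suffix ("-200") and open-ended ("9-") specs have only one bound.
        if first and last and int(first) > int(last):
            hits.append((int(first), int(last)))
    return hits

def scan_request(raw):
    """Return [(header_name, inverted_pairs)] for a raw HTTP request."""
    findings = []
    head = raw.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in RANGE_HEADERS:
            hits = inverted_ranges(value)
            if hits:
                findings.append((name.strip(), hits))
    return findings

if __name__ == "__main__":
    for header, pairs in scan_request(SAMPLE):
        print(f"{header}: start > end in {pairs}")
```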
Medium
IBM Security Host Protection for Servers (Windows): 2.1.14.2680, Proventia Network IDS: XPU 31.090, Proventia-G 1.1 and earlier: XPU 31.090, Proventia Network MFS: XPU 31.090, RealSecure Network: XPU 31.090, RealSecure Server Sensor: XPU 31.090, Proventia Network IPS: XPU 31.090, IBM Security Host Protection for Desktops: 2680, IBM Security Host Protection for Servers (Unix): 2.2.2, Proventia Server IPS for Linux technology: 31.090, Virtual Server Protection for VMware: XPU 31.090
Novell NetWare: 6.0, HP HP-UX: B.11.11, Cisco MDS 9000, HP HP-UX: B.11.23, RedHat Enterprise Linux: 4 AS, RedHat Enterprise Linux: 4 Desktop, RedHat Enterprise Linux: 4 ES, RedHat Enterprise Linux: 4 WS, IBM WebSphere Application Server: 6.1, Cisco Wireless Control System, RedHat RHEL Cluster: 4, RedHat Enterprise Linux: 5, RedHat Enterprise Linux: 5 Client Workstation, HP HP-UX: B.11.31, RedHat Enterprise Linux: 5 Client, RedHat RHEL Application Stack: 2, Kolab Kolab Server: 2.0.0, IBM HTTP Server: 6.0, IBM HTTP Server: 6.1, IBM WebSphere Application Server: 7.0, IBM HTTP Server: 2.0, Cisco Nexus 7000, IBM HTTP Server: 7.0, Oracle Application Server 10g: 10.1.2.2, Oracle Fusion Middleware: 11.1, Hitachi Web Server: 3.x, Hitachi Web Server: 4.x, IBM OS 400: 6.x, F5 TMOS: 10.0.0, F5 TMOS: 10.2.0, Oracle Solaris: 11 Express, RedHat Enterprise Linux: 6 Server, RedHat Enterprise Linux: 6 Workstation, Apache HTTP Server: 2.2.19, IBM WebSphere Application Server: 8.0, Cisco TelePresence Video Communication Server (VCS), Cisco Video Surveillance Manager (VSM), Cisco Video Surveillance Operations Manager (VSOM), Cisco Quad, Cisco SAN-OS: 3.x, HP Onboard Administrator: 3.21, Oracle Secure Global Desktop: 4.6, F5 TMOS: 11.0, RedHat Enterprise Linux Desktop: 6, RedHat Enterprise Linux HPC Node: 6, RedHat Enterprise Linux Server EUS: 6.1.z, RedHat Enterprise Linux Server EUS: 6.0.z, RedHat Enterprise Linux EUS: 5.6.z, RedHat Enterprise Linux Long Life: 5.6, RedHat Enterprise Linux Long Life: 5.3, JBoss Enterprise Web Server, Avaya Experience Portal: 6.x, Xerox WorkCentre
Denial of Service
Apache HTTP Server is vulnerable to a denial of service, caused by an error in the ByteRange filter when processing malicious requests. By sending a specially crafted HTTP request containing an overly large Range header, a remote attacker could exploit this vulnerability to exhaust all available memory resources.
Upgrade to the latest version of Apache HTTP Server (2.2.20 or later), available from the Apache HTTP Server Project Web site. See References.
For WebSphere Application Server 6.1:
Apply the latest Fix Pack (6.1.0.41 or later) or APAR PM46234. See References.
For WebSphere Application Server 7.0:
Apply the latest Fix Pack (7.0.0.21 or later) or APAR PM46234. See References.
For WebSphere Application Server 8.0:
Apply the latest Fix Pack (8.0.0.1 or later) or APAR PM46234. See References.
For other distributions:
Apply the appropriate update for your system. See References.
ASF Bugzilla – Bug 51714
Byte Range Filter might consume huge amounts of memory combined with compressed streams
https://issues.apache.org/bugzilla/show_bug.cgi?id=51714
Apache HTTP Server Project Web site
Apache HTTPD Project - The Apache HTTPD Server Project
http://httpd.apache.org
EDB-ID: 17696
Apache httpd Remote Denial of Service (memory exhaustion)
http://www.exploit-db.com/exploits/17696/
Apache HTTPD Security ADVISORY
Range header DoS vulnerability Apache HTTPD 1.3/2.x
http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3C20110826103531.998348F82@minotaur.apache.org%3E
Apache HTTPD Security ADVISORY
Range header DoS vulnerability Apache HTTPD 1.3/2.x
http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3C20110824161640.122D387DD@minotaur.apache.org%3E
IBM APAR PM46234
Recommended fixes for WebSphere Application Server
http://www-01.ibm.com/support/docview.wss?uid=swg27004980
cisco-sa-20110830-apache
Apache HTTPd Range Header Denial of Service Vulnerability
http://www.cisco.com/warp/public/707/cisco-sa-20110830-apache.shtml
cisco-sa-20110830-apache
Apache HTTPd Range Header Denial of Service Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b90d73.shtml
IBM APAR SE49334
HTTPSVR - PATCH APACHE VULNERABILITY CVE-2011-3192
https://www.ibm.com/support/docview.wss?uid=nas2aae02620b9b78d9e862578fe003c799b
IBM Security Protection Alert
Apache HTTP Server ByteRange filter denial of service
http://www.iss.net/threats/432.html
HPSBUX02702 SSRT100606 rev.2
HP-UX Apache Web Server, Remote Denial of Service (DoS)
http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02997184
Kolab Mailing List, Wed Sep 14 14:35:07 CEST 2011
Announcing the Kolab Server 2.3.3
http://kolab.org/pipermail/kolab-announce/2011/000102.html
Oracle Web site
Oracle Security Alert for CVE-2011-3192
http://www.oracle.com/technetwork/topics/security/alert-cve-2011-3192-485304.html
Sun Product Security Blog, Sep 22, 2011
Denial of Service (DoS) vulnerability in Apache HTTP Server
http://blogs.oracle.com/sunsecurity/entry/cve_2011_3192_denial_of
Oracle Critical Patch Update Advisory - October 2011
Oracle Critical Patch Update Advisory - October 2011
http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html
HPSBMU02704 SSRT100619
HP OpenView Network Node Manager (OV NNM) Running Apache, Remote Denial of Service (DoS)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03011498
Sun Product Security Blog, Nov 14, 2011
CVE-2011-3192 and CVE-2011-0419 affect Oracle Secure Global Desktop
http://blogs.oracle.com/sunsecurity/entry/cve_2011_3192_and_cve
Oracle Web site
Secure Global Desktop
http://www.oracle.com/us/technologies/virtualization/oraclevm/061996.html
Offensive Security Exploit Database [12-09-2011]
Apache HTTP Server Denial of Service
http://www.exploit-db.com/exploits/18221/
F5 Web site
BIG-IP LTM and TMOS version 11.1.0
http://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote-ltm-11-1-0.html
F5 Web site
BIG-IP LTM and TMOS version 10.2.3
http://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnotes-LTM-10-2-3.html
Oracle Critical Patch Update Advisory - January 2012
Oracle Critical Patch Update Advisory - January 2012
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
HPSBMU02766 SSRT100624 rev.1
HP Onboard Administrator (OA), Remote Denial of Service (DoS)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03285138
HPSBMU02776 SSRT100852 rev.1
HP Onboard Administrator (OA), Remote Unauthorized Access to Data, Unauthorized Disclosure of Information Denial of Service (DoS)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03315912
Oracle Critical Patch Update Advisory - July 2012
Oracle Critical Patch Update Advisory - July 2012
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
HPSBOV02822 SSRT100966
HP Secure Web Server (SWS) for OpenVMS, Remote Denial of Service (DoS), Unauthorized Access, Disclosure of Information
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03517954
ASA-2011-281
httpd security update
https://downloads.avaya.com/css/P8/documents/100148618
Xerox Security Bulletin XRX12-004
Software update to address CVE-2011-3192
http://www.xerox.com/download/security/security-bulletin/1024c-4c596fb328140/cert_XRX12-004_v1.011.pdf
ISS X-Force
Apache HTTP Server ByteRange filter denial of service
http://www.iss.net/security_center/static/69396.php
CVE
CVE-2011-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192