스톰캐스트 : CVE-2011-3192

전세계

한국

한국 해킹 유형 통계

CVE-2011-3192
기본정보	공개일 : 2011-08-30 변경일 : 2012-01-20
CVSS 평가	위험도: 7.8 액세스 벡터 : NETWORK 액세스 복잡성 : 낮음 인증 : 없음 기밀성 영향 : 없음 무결성 영향 : 없음 가용성 영향 : 전체 출처 : http://nvd.nist.gov 공개일 : 2011-08-30
설명	The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
참조	CERT-VN, VU#405811 MLIST, [dev] 20110823 Re: DoS with mod_deflate & range requests CONFIRM, https://issues.apache.org/bugzilla/show_bug.cgi?id=51714 CONFIRM, https://bugzilla.redhat.com/show_bug.cgi?id=732928 XF, apache-http-byterange-dos(69396) UBUNTU, USN-1199-1 BID, 49303 REDHAT, RHSA-2011:1369 REDHAT, RHSA-2011:1330 REDHAT, RHSA-2011:1329 REDHAT, RHSA-2011:1300 REDHAT, RHSA-2011:1294 REDHAT, RHSA-2011:1245 CONFIRM, http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.h.. CONFIRM, http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.h.. CONFIRM, http://www.oracle.com/technetwork/topics/security/alert-cve-2011-3192.. MANDRIVA, MDVSA-2011:130 CONFIRM, http://www.gossamer-threads.com/lists/apache/dev/401638 EXPLOIT-DB, 17696 CISCO, 20110830 Apache HTTPd Range Header Denial of Service Vulnerability CONFIRM, http://www.apache.org/dist/httpd/Announcement2.2.html CONFIRM, http://support.apple.com/kb/HT5002 SECTRACK, 1025960 SECUNIA, 46126 SECUNIA, 46125 SECUNIA, 46000 SECUNIA, 45937 SECUNIA, 45606 FULLDISC, 20110820 Apache Killer OSVDB, 74721 HP, HPSBMU02704 HP, SSRT100626 HP, HPSBUX02707 HP, HPSBUX02702 HP, SSRT100606 MLIST, [announce] 20110824 Advisory: Range header DoS vulnerability Apache HTT.. SUSE, SUSE-SU-2011:1229 SUSE, SUSE-SU-2011:1216 SUSE, SUSE-SU-2011:1010 SUSE, SUSE-SU-2011:1007 SUSE, SUSE-SU-2011:1000 SUSE, openSUSE-SU-2011:0993 APPLE, APPLE-SA-2011-10-12-3 CONFIRM, http://blogs.oracle.com/security/entry/security_alert_for_cve_2011 FULLDISC, 20110824 Re: Apache Killer
취약 소프트웨어	apache http_server 2.2.8 apache http_server 1.3.11 apache http_server 1.3.41 apache http_server 2.0.36 apache http_server 1.3.2 apache http_server 1.3.30 apache http_server 1.3.42 apache http_server 1.3.13 apache http_server 2.0.39 apache http_server 1.3.12 apache http_server 1.3.26 apache http_server 2.2.19 apache http_server 2.0.38 apache http_server 2.2.10 apache http_server 1.3.14 apache http_server 1.3.9 apache http_server 1.3.29 apache http_server 2.0.48 apache http_server 1.3.4 apache http_server 2.0.56 apache http_server 2.0.52 apache http_server 2.2.6 apache http_server 2.0.44 apache http_server 2.0.32 apache http_server 2.2.13 apache http_server 1.3.31 apache http_server 2.2.4 apache http_server 1.3 apache http_server 1.3.19 apache http_server 1.3.8 apache http_server 2.2.9 apache http_server 2.2.16 apache http_server 2.0.28 apache http_server 2.0.35 apache http_server 1.3.34 apache http_server 1.3.24 apache http_server 1.3.65 apache http_server 2.0.45 apache http_server 2.0.55 apache http_server 2.0.47 apache http_server 2.0.64 apache http_server 2.0.28 apache http_server 1.3.1 apache http_server 1.3.35 apache http_server 2.0.42 apache http_server 2.0.37 apache http_server 1.3.18 apache http_server 1.3.22 apache http_server 1.3.38 apache http_server 2.0.50 apache http_server 2.2.11 apache http_server 2.0.46 apache http_server 2.0.61 apache http_server 2.2.3 apache http_server 1.3.16 apache http_server 1.3.1.1 apache http_server 2.2.12 apache http_server 2.0.57 apache http_server 2.0.58 apache http_server 1.3.28 apache http_server 2.0.43 apache http_server 2.0.54 apache http_server 1.3.68 apache http_server 2.0.40 apache http_server 1.3.6 apache http_server 2.2.14 apache http_server 1.3.17 apache http_server 1.3.36 apache http_server 2.2.2 apache http_server 1.3.5 apache http_server 2.2.18 apache http_server 1.3.3 apache http_server 1.3.39 apache http_server 2.0.63 apache http_server 1.3.23 apache http_server 1.3.33 apache http_server 1.3.10 apache http_server 2.0.49 apache http_server 1.3.15 apache http_server 2.0.41 apache http_server 2.0.53 apache http_server 2.0.59 apache http_server 2.0.60 apache http_server 1.3.0 apache http_server 2.2.1 apache http_server 2.2.0 apache http_server 2.0 apache http_server 2.0.34 apache http_server 2.0.9 apache http_server 1.3.27 apache http_server 2.0.51 apache http_server 1.3.32 apache http_server 2.2.15 apache http_server 1.3.20 apache http_server 1.3.37 apache http_server 1.3.25 apache http_server 1.3.7 apache http_server 2.0.32