Bug 714306 - Range header DoS vulnerability Apache HTTPD CVE-2011-3192
Status: VERIFIED DUPLICATE of bug 713966
Classification: openSUSE
Product: openSUSE 11.4
Component: Apache
Priority: P5 - None, Severity: Critical
Assigned To: Security Team bot
Reported: 2011-08-25 20:55 UTC by Sebastian Siebert
Modified: 2011-08-26 13:45 UTC

Description Sebastian Siebert 2011-08-25 20:55:26 UTC
User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:6.0) Gecko/20100101 Firefox/6.0

This vulnerability of Apache is public now. We need the patch from the Apache developers to fix the potential DoS issue in Apache. The patch will surely come the very next day.

http://www.h-online.com/open/news/item/Tool-causes-Apache-web-server-to-freeze-Update-1330105.html

http://article.gmane.org/gmane.comp.apache.announce/58

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192

We should apply the patch ASAP in
- openSUSE 11.3
- openSUSE 11.4
- Apache Repository (http://download.opensuse.org/repositories/Apache)


Reproducible: Always

Steps to Reproduce:
1. Send an insane range header

Actual Results:  
Out of memory

Expected Results:  
It does not run out of memory
Comment 1 Matthias Weckbecker 2011-08-26 13:45:07 UTC
Looks like a dupe of bnc#713966.

*** This bug has been marked as a duplicate of bug 713966 ***