Bug 714306 - Range header DoS vulnerability Apache HTTPD CVE-2011-3192
Range header DoS vulnerability Apache HTTPD CVE-2011-3192
Status: VERIFIED DUPLICATE of bug 713966
Classification: openSUSE
Product: openSUSE 11.4
Classification: openSUSE
Component: Apache
Other Other
: P5 - None : Critical (vote)
: ---
Assigned To: Security Team bot
E-mail List
Depends on:
  Show dependency treegraph
Reported: 2011-08-25 20:55 UTC by Sebastian Siebert
Modified: 2011-08-26 13:45 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Siebert 2011-08-25 20:55:26 UTC
User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:6.0) Gecko/20100101 Firefox/6.0

This vulnerability of Apache is public now. We need the patch from the Apache developers to fix the potentially DoS issue of Apache. The patch comes surely very next day.




We should apply the patch ASAP in
- openSUSE 11.3
- openSUSE 11.4
- Apache Repository (http://download.opensuse.org/repositories/Apache)

Reproducible: Always

Steps to Reproduce:
1. Send an insane range header

Actual Results:  
Out of memory

Expected Results:  
It does not run into an out of memory
Comment 1 Matthias Weckbecker 2011-08-26 13:45:07 UTC
Looks like a dupe of bnc#713966.

*** This bug has been marked as a duplicate of bug 713966 ***