Apache HTTPD 1.3/2.x Range header DoS vulnerability (CVE-2011-3192, JVNVU#405811)
http://jvnrss.ise.chuo-u.ac.jp/jtg/trn/en/JVNTR-2011-05.html
JVNRSS based Status Tracking Notes: Apache HTTPD server contains a denial-of-service vulnerability in the way multiple overlapping ranges are handled.JVNRSS Feasibility Study Teamjvn@jvn.jpJVNTR-2011-052011-09-19T15:55+00:002011-08-31T22:04+00:002011-09-19T15:55+00:00Apache HTTP Server DoS Vulnerability
http://www.jpcert.or.jp/at/2011/at110023.txt
Public notification for "Apache HTTPD Security ADVISORY (UPDATE 3 - FINAL)"
Public notification for "Update (Apache HTTP Server 2.2.21)".
JPCERT/CCJPCERT-AT-2011-0023http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-31922011-09-15T01:22+00:002011-09-15T01:22+00:002011-09-15T01:22+00:00Source code patch
http://www.apache.org/dist/httpd/patches/
Source code patch released.
CVE-2011-3192-2.2.14-byterange-fixes.patch
CVE-2011-3192-2.2.19-byterange-fixes.patch
CVE-2011-3192-2.0.64-byterange-fixes.patch
Apachehttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-31922011-09-14T06:11+00:002011-09-14T06:11+00:002011-09-14T06:11+00:00Advisory: Range header DoS vulnerability Apache HTTPD prior to 2.2.20.
http://httpd.apache.org/security/CVE-2011-3192.txt
Security Advisory (UPDATE 3 - FINAL) published.
Apache 2.0 - all versions prior to 2.2.20 and prior to 2.0.65
Apache 1.3 is NOT vulnerable.
Apachehttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-31922011-09-14T06:06+00:002011-09-14T06:06+00:002011-09-14T06:06+00:00Changes with Apache 2.2.21
http://www.apache.org/dist/httpd/CHANGES_2.2.21
Update released.: Apache HTTP Server 2.2.21
Apachehttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-31922011-09-12T17:02+00:002011-09-12T17:02+00:002011-09-12T17:02+00:00Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x (CVE-2011-3192)
http://people.apache.org/~dirkx/CVE-2011-3192.txt
Security Advisory (UPDATE 3 - FINAL) published.
Apache 2.0 - all versions prior to 2.2.20 are vulnerable.
Apache 1.3 is NOT vulnerable.
Apachehttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-31922011-09-01T11:54+00:002011-09-01T11:54+00:002011-09-01T11:54+00:00Bug 51748 - Apache 2.2.20 Range fix regression. Negative value handling
https://issues.apache.org/bugzilla/show_bug.cgi?id=51748
Range fix regression
Apachehttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-31922011-09-01T06:48+00:002011-09-01T06:48+00:002011-09-01T06:48+00:00Apache HTTP Server DoS Vulnerability
http://www.jpcert.or.jp/at/2011/at110023.txt
Public notification for "Security Update (Apache HTTP Server 2.2.20)".
JPCERT/CCJPCERT-AT-2011-0023http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-31922011-08-31T14:42+09:002011-08-31T14:42+09:002011-08-31T14:42+09:00Fixed in Apache httpd 2.2.20
http://httpd.apache.org/security/vulnerabilities_22.html#2.2.20
Security Update released.: Apache HTTP Server 2.2.20
Apachehttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-31922011-08-30T18:07+00:002011-08-30T18:07+00:002011-08-30T18:07+00:00Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x (CVE-2011-3192)
http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3C20110826103531.998348F82@minotaur.apache.org%3E
Security Advisory (UPDATE 2) published.
In addition to the 'Range' header - the 'Range-Request' header is equally affected.
Apachehttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-31922011-08-26T10:35+00:002011-08-26T10:35+00:002011-08-26T10:35+00:00Apache HTTPD 1.3/2.x Range header DoS vulnerability
http://www.kb.cert.org/vuls/id/405811
Public notification for "Security Advisory (Apache HTTPD Security Advisory Update 2)".
US-CERTVU#405811http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-31922011-08-262011-08-262011-08-26Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x (CVE-2011-3192)
http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110824161640.122D387DD@minotaur.apache.org%3e
Security Advisory published
Apache 1.3 all versions and Apache 2 all versions are vulnerable.
Apachehttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-31922011-08-24T16:16+00:002011-08-24T16:16+00:002011-08-24T16:16+00:00Apache Killer
http://seclists.org/fulldisclosure/2011/Aug/175
Vulnerability proof-of-concept code posted to Mailing List.
Full-disclosurehttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-31922011-08-19T23:23+01:002011-08-19T23:23+01:002011-08-19T23:23+01:00