CVE-2011-3192
Description
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
POC
Reference
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
- http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
- http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
Github
- https://github.com/1N3/1N3
- https://github.com/1N3/Exploits
- https://github.com/8ctorres/SIND-Practicas
- https://github.com/ARPSyndicate/cvemon
- https://github.com/AkihiroSenpai/Informatique
- https://github.com/Aledangelo/HTB_Keeper_Writeup
- https://github.com/Aledangelo/THM_Jeff_Writeup
- https://github.com/Anton-gen/exploite_1
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CYB3RLEO/Apache_web_server_recon_and_enumeration_on_metasploitable2
- https://github.com/DButter/whitehat_public
- https://github.com/Dmitri131313/ReconScan
- https://github.com/Dokukin1/Metasploitable
- https://github.com/EhmaanShafqat96/Vulnerability-Assessment-of-Metasploitable-using-Nmap-and-Nikto
- https://github.com/Encapsulate/DDoS-Script
- https://github.com/Eutectico/Steel-Mountain
- https://github.com/Furious992/HW13-01
- https://github.com/GiJ03/ReconScan
- https://github.com/Hamibubu/SoccerWalktrough
- https://github.com/Iknowmyname/Nmap-Scans-M2
- https://github.com/LhonaPadmayuky/Nmap-Vulnerability-Assessment-Report
- https://github.com/Live-Hack-CVE/CVE-2011-3192
- https://github.com/MNCanyon/Mind_help
- https://github.com/NikulinMS/13-01-hw
- https://github.com/OlegBondarev33/dos
- https://github.com/PuddinCat/GithubRepoSpider
- https://github.com/RanDomGuY84/OIBSIP
- https://github.com/RoliSoft/ReconScan
- https://github.com/SG-netology/13-1-Git
- https://github.com/SecureAxom/strike
- https://github.com/Xinjis/Apache_ByteRange_DoS_cve_2011_3192
- https://github.com/Zhivarev/13-01-hw
- https://github.com/analytically/haproxy-ddos
- https://github.com/cipher0411/Penetration-Test-Report-The-BodgeIt-Store-Web-Application
- https://github.com/digip/covfefe-ctf
- https://github.com/dineshkumarc987/Exploits
- https://github.com/futurezayka/CVE-2011-3192
- https://github.com/iciamyplant/camera_hack
- https://github.com/issdp/test
- https://github.com/joos-storage-sec/attacks
- https://github.com/kasem545/vulnsearch
- https://github.com/krlabs/apache-vulnerabilities
- https://github.com/lekctut/sdb-hw-13-01
- https://github.com/limkokholefork/CVE-2011-3192
- https://github.com/matoweb/Enumeration-Script
- https://github.com/mrt2h/DZ
- https://github.com/pedr0alencar/vlab-metasploitable2
- https://github.com/r3p3r/1N3-Exploits
- https://github.com/security-anthem/DC-p0t
- https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems
- https://github.com/stcmjp/cve-2011-3192
- https://github.com/tkisason/KillApachePy
- https://github.com/warmilk/http-Dos-Attack-Detection
- https://github.com/whoismh11/htaccess-security
- https://github.com/xxehacker/strike
- https://github.com/zzzWTF/db-13-01