This article is a part of our Web Security Knowledge Base (back to index)
Why “Apache Range Header DoS (CVE-2011-3192)” can be dangerous
This attack is performed by means of HTTP Range request header which allows the client to receive only specified parts of the requested content. The header contains a list of byte ranges of the content that should be returned in the response. The crucial fact is that for each of the byte ranges a separate copy of the requested resource must be created on the server, so when the attacker sends a malicious request with the Range header consisting of a large list of byte ranges it causes CPU and memory exhaustion resulting in denial of service (DoS).
How to fix “Apache Range Header DoS (CVE-2011-3192)”
The best solution for this problem is to update your Apache Server to 2.2.21 or newer. There are other technical approaches that can help mitigate this threat described in https://httpd.apache.org/security/CVE-2011-3192.txt.
Disallow Range and Request-Range headers.
How does ScanRepeat report “Apache Range Header DoS (CVE-2011-3192)”
ScanRepeat checks if there are fingerprints in response for requests.
Would you like to test your application now against this problem? Sign up for our free trial
Scan Your Web App Now