Rapid7 Vulnerability & Exploit Database

RHSA-2011:1294: httpd security update

Back to Search

RHSA-2011:1294: httpd security update

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
08/29/2011
Created
07/25/2018
Added
09/20/2011
Modified
07/04/2017

Description

The Apache HTTP Server is a popular web server.A flaw was found in the way the Apache HTTP Server handled Range HTTPheaders. A remote attacker could use this flaw to cause httpd to use anexcessive amount of memory and CPU time via HTTP requests with aspecially-crafted Range header. (CVE-2011-3192)All httpd users should upgrade to these updated packages, which contain abackported patch to correct this issue. After installing the updatedpackages, the httpd daemon must be restarted for the update to take effect.

Solution(s)

  • redhat-upgrade-httpd
  • redhat-upgrade-httpd-devel
  • redhat-upgrade-httpd-manual
  • redhat-upgrade-mod_ssl

References

  • redhat-upgrade-httpd
  • redhat-upgrade-httpd-devel
  • redhat-upgrade-httpd-manual
  • redhat-upgrade-mod_ssl

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;