Is CVE-2011-3192 actively exploited?

CVE-2011-3192 has no public evidence of in-the-wild exploitation as of 2025-04-11.

What is the CVSS score for CVE-2011-3192?

CVE-2011-3192 has a CVSS score of 7.8 (UNKNOWN severity). Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C.

How do I patch CVE-2011-3192?

Patch guidance is available from apache security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2011-3192.

CVE-2011-3192 - remediation guidance & executive summary

Q: Which products are affected by CVE-2011-3192?

16 products: apache http server, apache http server, opensuse opensuse, opensuse opensuse, suse linux enterprise server, and 11 more.

Description

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.

CVSS Metrics

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Access Vector: network
Access Cmplx: low
Auth: none
Confidentiality: none
Integrity: none
Availability: complete
Weaknesses: CWE-400

Metadata

Primary Vendor: APACHE
Published: 8/29/2011
Last Modified: 4/11/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

apache : http_serverapache : http_serveropensuse : opensuseopensuse : opensusesuse : linux_enterprise_serversuse : linux_enterprise_serversuse : linux_enterprise_serversuse : linux_enterprise_serversuse : linux_enterprise_serversuse : linux_enterprise_software_development_kitsuse : linux_enterprise_software_development_kitsuse : linux_enterprise_software_development_kitcanonical : ubuntu_linuxcanonical : ubuntu_linuxcanonical : ubuntu_linuxcanonical : ubuntu_linux

Remediation Guidance

Executive Summary

View on NIST NVD