Apache Range Header Processing DoS (Sep 1, 2011)

The Apache HTTP server is the most popular HTTP server software in use. It supports a variety of features, many implemented as compiled modules which extend the core functionality.

The Range header in HTTP/1.1 is used to request part of an entity; it improves efficiency when recovering from failed or incomplete transfers. The Range header may specify a single range of bytes, or a set of ranges within a single entity.

A memory exhaustion vulnerability exists in Apache HTTP Server. The flaw is triggered when the server processes a Range header that expresses multiple overlapping ranges. A remote attacker could exploit it by sending a series of crafted HTTP requests to the target server. Successful exploitation would exhaust the target server's available memory and cause a denial-of-service condition.

The vulnerability has been assigned CVE-2011-3192.

SonicWALL has released an IPS signature to detect and block specific exploitation attempts targeting this vulnerability. The signature is listed below:

  • 6905 Apache HTTP Range Header DOS Attempt
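
A check for the Range header condition described above, as an added example that is not part of the original advisory and is not SonicWALL's signature logic: it parses a Range header value, counts its byte ranges and flags overlapping ones. The threshold `MAX_RANGES`, the function names and the sample headers are assumptions constructed for illustration.

```python
import re

MAX_RANGES = 5  # assumed threshold for illustration; tune to the site's real traffic
_SPEC = re.compile(r"^\s*(\d*)\s*-\s*(\d*)\s*$")

def parse_byte_ranges(value):
    """Parse a Range header value into (first, last) pairs.
    'N-' gives (N, None), '-N' gives (None, N); returns None if the value is invalid."""
    unit, sep, specs = value.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    ranges = []
    for spec in specs.split(","):
        if not spec.strip():
            continue  # tolerate empty list elements such as "0-1,,2-3"
        m = _SPEC.match(spec)
        if not m or not (m.group(1) or m.group(2)):
            return None
        first = int(m.group(1)) if m.group(1) else None
        last = int(m.group(2)) if m.group(2) else None
        if first is not None and last is not None and last < first:
            return None  # an invalid spec invalidates the whole header
        ranges.append((first, last))
    return ranges or None

def count_overlaps(ranges):
    """Count ranges that start inside the span covered by earlier ranges.
    Suffix ranges ('-N') need the entity length to resolve and are skipped."""
    spans = sorted((f, float("inf") if l is None else l) for f, l in ranges if f is not None)
    overlaps, reach = 0, -1
    for first, last in spans:
        if first <= reach:
            overlaps += 1
        reach = max(reach, last)
    return overlaps

def is_suspicious(value, max_ranges=MAX_RANGES):
    """Flag a header with more ranges than the threshold or with any overlap."""
    ranges = parse_byte_ranges(value)
    if ranges is None:
        return False
    return len(ranges) > max_ranges or count_overlaps(ranges) > 0

if __name__ == "__main__":
    # Constructed sample header values, not taken from real traffic.
    for sample in ["bytes=0-499", "bytes=0-499,500-999", "bytes=0-100,50-150,75-"]:
        print(sample, "->", "flag" if is_suspicious(sample) else "ok")
```

Treating any overlap as suspicious is a conservative policy chosen for this example; a deployment would pick the policy and threshold after measuring the Range headers its legitimate clients send.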