
CVE-2011-3192: Testing Apache's Denial of Service Susceptibility

This post accompanies the release by Intrinsec of a standalone tool designed to test the susceptibility of an Apache server to the CVE-2011-3192 vulnerability, published on Full-Disclosure on August 20, 2011.

The Apache group published a response that includes useful countermeasures to apply while awaiting the imminent release of a patch for Apache 1.3 and Apache 2.

Other articles are already discussing the topic.

If you simply want to test whether your servers are susceptible, we provide a non-offensive tool that performs a unit test (one HTTP request per service) based on the same detection method as the tool published on Full-Disclosure. The tool can be downloaded from Google Code.

The script has been tested. The test remains a denial-of-service test, to be used with full awareness of its implications and only with the necessary legitimacy with respect to the system being tested.

Update: Apache has released an update, version 2.2.20.
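To make the result of such a one-request test concrete, the following added example (not the Intrinsec tool's code, nor the Full-Disclosure tool's) classifies the response headers returned for a single request carrying a `Range` header. It assumes the check keys on whether the server answers `206 Partial Content`, and uses the 2.2.20 release mentioned above as the only version threshold; the function names, verdict strings and sample responses are constructed for illustration.

```python
import re

FIXED_2_2 = (2, 2, 20)  # release named in the post's update note

def parse_head(raw: bytes):
    """Return (status, headers) from the header block of a raw HTTP response."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    m = re.match(r"HTTP/\d\.\d (\d{3})", lines[0])
    if not m:
        raise ValueError("not an HTTP response")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(m.group(1)), headers

def classify(raw: bytes) -> str:
    """Verdict for one response to a request that carried a Range header."""
    status, headers = parse_head(raw)
    if status != 206:
        # Range ignored, rejected or stripped (e.g. by a countermeasure)
        return "range-not-honoured"
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", headers.get("server", ""))
    if m:
        version = tuple(int(p) for p in m.groups())
        if version[:2] == (2, 2):
            return "patched-release" if version >= FIXED_2_2 else "likely-susceptible"
    # Banner hidden or another branch: no fixed version on the page to compare with
    return "range-honoured-verify-manually"

# Constructed sample responses (assumption: not captured from real servers)
SAMPLES = {
    "old": b"HTTP/1.1 206 Partial Content\r\nServer: Apache/2.2.17 (Unix)\r\n"
           b"Content-Range: bytes 0-99/5120\r\n\r\n",
    "new": b"HTTP/1.1 206 Partial Content\r\nServer: Apache/2.2.20 (Unix)\r\n\r\n",
    "stripped": b"HTTP/1.1 200 OK\r\nServer: Apache/2.2.17 (Unix)\r\n\r\n",
    "hidden": b"HTTP/1.1 206 Partial Content\r\nServer: Apache\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:9s} {classify(raw)}")
```

A banner-based verdict is only a hint: distributions often backport fixes without changing the version string, so a "likely-susceptible" result should be confirmed against the package changelog.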

———————
This tool lets you quickly test whether an Apache server is prone to CVE-2011-3192 (Apache Range Header DoS).