{"id":228039,"date":"2011-08-26T07:41:16","date_gmt":"2011-08-26T06:41:16","guid":{"rendered":"http:\/\/172.22.49.24\/?p=92"},"modified":"2011-08-26T07:41:16","modified_gmt":"2011-08-26T06:41:16","slug":"cve-2011-3192-tester-la-sensibilite-au-deni-de-service-apache","status":"publish","type":"post","link":"https:\/\/www.intrinsec.com\/en\/cve-2011-3192-tester-la-sensibilite-au-deni-de-service-apache\/","title":{"rendered":"CVE-2011-3192: Testing Apache's Denial of Service Susceptibility"},"content":{"rendered":"

This post accompanies the release by Intrinsec of a standalone tool designed to test the susceptibility of an Apache server to the CVE-2011-3192 vulnerability.,\u00a0Published on Full-Disclosure on August 20, 2011<\/a>.<\/p>\n

THE\u00a0Apache group published a response<\/a>, including useful countermeasures while awaiting the very soon release of a patch for Apache 1.3 and Apache 2.<\/p>\n

Other articles<\/a>\u00a0are already discussing the topic.<\/p>\n

If you simply want to test your sensitivity, we provide a non-offensive tool that performs a unit test (one HTTP request per service) based on the same detection method as the tool published on Full-Disclosure:\u00a0The tool can be downloaded from Google Code.<\/a>.<\/strong><\/p>\n

The script has been tested. The test remains a denial-of-service test, to be used with full awareness of its implications and only with the necessary legitimacy with respect to the system being tested.<\/p>\n

Update: Apache has released an update: v 2.2.20<\/a><\/p>\n

———————
\nThis tool allows to test quickly if an Apache server is prone to CVE-2011-3192 (Apache Range Header DOS)<\/a><\/p>","protected":false},"excerpt":{"rendered":"

This post accompanies the release by Intrinsec of a standalone tool designed to test sensitivity [\u2026]<\/p>","protected":false},"author":10,"featured_media":172,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,19],"tags":[75,76,77,68],"class_list":["post-228039","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-evaluation-securite","category-soc-securite-operationnelle","tag-apache","tag-dos","tag-http","tag-outils"],"yoast_head":"\nCVE-2011-3192 : Tester la sensibilit\u00e9 au d\u00e9ni de service Apache - INTRINSEC<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intrinsec.com\/en\/cve-2011-3192-tester-la-sensibilite-au-deni-de-service-apache\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CVE-2011-3192 : Tester la sensibilit\u00e9 au d\u00e9ni de service Apache\" \/>\n<meta property=\"og:description\" content=\"Ce post accompagne la publication par Intrinsec d’un outil autonome visant \u00e0 tester la sensibilit\u00e9 […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intrinsec.com\/en\/cve-2011-3192-tester-la-sensibilite-au-deni-de-service-apache\/\" \/>\n<meta property=\"og:site_name\" content=\"INTRINSEC\" \/>\n<meta property=\"article:published_time\" content=\"2011-08-26T06:41:16+00:00\" \/>\n<meta name=\"author\" content=\"Cyrille BARTHELEMY\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Cyrille BARTHELEMY\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/cve-2011-3192-tester-la-sensibilite-au-deni-de-service-apache\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/cve-2011-3192-tester-la-sensibilite-au-deni-de-service-apache\\\/\"},\"author\":{\"name\":\"Cyrille BARTHELEMY\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/4d0993f0e377e77d13e97f623123e109\"},\"headline\":\"CVE-2011-3192 : Tester la sensibilit\u00e9 au d\u00e9ni de service Apache\",\"datePublished\":\"2011-08-26T06:41:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/cve-2011-3192-tester-la-sensibilite-au-deni-de-service-apache\\\/\"},\"wordCount\":189,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/cve-2011-3192-tester-la-sensibilite-au-deni-de-service-apache\\\/#primaryimage\"},\"thumbnailUrl\":\"\",\"keywords\":[\"Apache\",\"DOS\",\"HTTP\",\"Outils\"],\"articleSection\":[\"Evaluation S\u00e9curit\u00e9\",\"SOC S\u00e9curit\u00e9 Op\u00e9rationnelle\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.intrinsec.com\\\/cve-2011-3192-tester-la-sensibilite-au-deni-de-service-apache\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/cve-2011-3192-tester-la-sensibilite-au-deni-de-service-apache\\\/\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/cve-2011-3192-tester-la-sensibilite-au-deni-de-service-apache\\\/\",\"name\":\"CVE-2011-3192 : Tester la sensibilit\u00e9 au d\u00e9ni de service Apache - INTRINSEC\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/cve-2011-3192-tester-la-sensibilite-au-deni-de-service-apache\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/cve-2011-3192-tester-la-sensibilite-au-deni-de-service-apache\\\/#primaryimage\"},\"thumbnailUrl\":\"\",\"datePublished\":\"2011-08-26T06:41:16+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/4d0993f0e377e77d13e97f623123e109\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/cve-2011-3192-tester-la-sensibilite-au-deni-de-service-apache\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.intrinsec.com\\\/cve-2011-3192-tester-la-sensibilite-au-deni-de-service-apache\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/cve-2011-3192-tester-la-sensibilite-au-deni-de-service-apache\\\/#primaryimage\",\"url\":\"\",\"contentUrl\":\"\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/cve-2011-3192-tester-la-sensibilite-au-deni-de-service-apache\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.intrinsec.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CVE-2011-3192 : Tester la sensibilit\u00e9 au d\u00e9ni de service Apache\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/\",\"name\":\"INTRINSEC\",\"description\":\"Notre m\u00e9tier , Prot\u00e9ger le v\u00f4tre\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.intrinsec.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/4d0993f0e377e77d13e97f623123e109\",\"name\":\"Cyrille BARTHELEMY\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1ea58be7f50cd5a369de3c03eb2ce4d5d8b053ad42ca848d6cc15a39f6dc605e?s=96&d=retro&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1ea58be7f50cd5a369de3c03eb2ce4d5d8b053ad42ca848d6cc15a39f6dc605e?s=96&d=retro&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1ea58be7f50cd5a369de3c03eb2ce4d5d8b053ad42ca848d6cc15a39f6dc605e?s=96&d=retro&r=g\",\"caption\":\"Cyrille BARTHELEMY\"},\"sameAs\":[\"https:\\\/\\\/www.intrinsec.com\"],\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/en\\\/author\\\/cby\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"CVE-2011-3192: Testing Apache Denial-of-Service Susceptibility - INTRINSEC","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intrinsec.com\/en\/cve-2011-3192-tester-la-sensibilite-au-deni-de-service-apache\/","og_locale":"en_US","og_type":"article","og_title":"CVE-2011-3192 : Tester la sensibilit\u00e9 au d\u00e9ni de service Apache","og_description":"Ce post accompagne la publication par Intrinsec d’un outil autonome visant \u00e0 tester la sensibilit\u00e9 […]","og_url":"https:\/\/www.intrinsec.com\/en\/cve-2011-3192-tester-la-sensibilite-au-deni-de-service-apache\/","og_site_name":"INTRINSEC","article_published_time":"2011-08-26T06:41:16+00:00","author":"Cyrille BARTHELEMY","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Cyrille BARTHELEMY","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.intrinsec.com\/cve-2011-3192-tester-la-sensibilite-au-deni-de-service-apache\/#article","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/cve-2011-3192-tester-la-sensibilite-au-deni-de-service-apache\/"},"author":{"name":"Cyrille BARTHELEMY","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/4d0993f0e377e77d13e97f623123e109"},"headline":"CVE-2011-3192 : Tester la sensibilit\u00e9 au d\u00e9ni de service Apache","datePublished":"2011-08-26T06:41:16+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intrinsec.com\/cve-2011-3192-tester-la-sensibilite-au-deni-de-service-apache\/"},"wordCount":189,"commentCount":0,"image":{"@id":"https:\/\/www.intrinsec.com\/cve-2011-3192-tester-la-sensibilite-au-deni-de-service-apache\/#primaryimage"},"thumbnailUrl":"","keywords":["Apache","DOS","HTTP","Outils"],"articleSection":["Evaluation S\u00e9curit\u00e9","SOC S\u00e9curit\u00e9 Op\u00e9rationnelle"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intrinsec.com\/cve-2011-3192-tester-la-sensibilite-au-deni-de-service-apache\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.intrinsec.com\/cve-2011-3192-tester-la-sensibilite-au-deni-de-service-apache\/","url":"https:\/\/www.intrinsec.com\/cve-2011-3192-tester-la-sensibilite-au-deni-de-service-apache\/","name":"CVE-2011-3192: Testing Apache Denial-of-Service Susceptibility - INTRINSEC","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intrinsec.com\/cve-2011-3192-tester-la-sensibilite-au-deni-de-service-apache\/#primaryimage"},"image":{"@id":"https:\/\/www.intrinsec.com\/cve-2011-3192-tester-la-sensibilite-au-deni-de-service-apache\/#primaryimage"},"thumbnailUrl":"","datePublished":"2011-08-26T06:41:16+00:00","author":{"@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/4d0993f0e377e77d13e97f623123e109"},"breadcrumb":{"@id":"https:\/\/www.intrinsec.com\/cve-2011-3192-tester-la-sensibilite-au-deni-de-service-apache\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intrinsec.com\/cve-2011-3192-tester-la-sensibilite-au-deni-de-service-apache\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intrinsec.com\/cve-2011-3192-tester-la-sensibilite-au-deni-de-service-apache\/#primaryimage","url":"","contentUrl":""},{"@type":"BreadcrumbList","@id":"https:\/\/www.intrinsec.com\/cve-2011-3192-tester-la-sensibilite-au-deni-de-service-apache\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.intrinsec.com\/"},{"@type":"ListItem","position":2,"name":"CVE-2011-3192 : Tester la sensibilit\u00e9 au d\u00e9ni de service Apache"}]},{"@type":"WebSite","@id":"https:\/\/www.intrinsec.com\/#website","url":"https:\/\/www.intrinsec.com\/","name":"INTRINSEC","description":"Our job is to protect yours.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intrinsec.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/4d0993f0e377e77d13e97f623123e109","name":"Cyrille BARTHELEMY","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/1ea58be7f50cd5a369de3c03eb2ce4d5d8b053ad42ca848d6cc15a39f6dc605e?s=96&d=retro&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/1ea58be7f50cd5a369de3c03eb2ce4d5d8b053ad42ca848d6cc15a39f6dc605e?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1ea58be7f50cd5a369de3c03eb2ce4d5d8b053ad42ca848d6cc15a39f6dc605e?s=96&d=retro&r=g","caption":"Cyrille BARTHELEMY"},"sameAs":["https:\/\/www.intrinsec.com"],"url":"https:\/\/www.intrinsec.com\/en\/author\/cby\/"}]}},"_links":{"self":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/228039","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/comments?post=228039"}],"version-history":[{"count":0,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/228039\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/media?parent=228039"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/categories?post=228039"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/tags?post=228039"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}