Apache Range Header DoS (CVE-2011-3192)
ID | apache_range_header_dos_cve_2011_3192
Severity | high
Kind | Security Misconfiguration
CWE | CWE-400 (Uncontrolled Resource Consumption)
Description
The byterange filter in Apache HTTP Server 1.3.x, 2.0.x through 2.0.64 and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU exhaustion) via a Range request header that specifies a large number of overlapping byte ranges. The issue was exploited in the wild in August 2011, before a fix shipped in 2.2.20 and was completed in 2.2.21.
Rationale
HTTP clients use the Range header to ask for part of a resource, and a single header may list several ranges. Vulnerable Apache builds satisfied such a request by constructing a separate multipart body part for every range listed before sending anything, so the memory and CPU spent on one request grew with the number of ranges rather than with the size of the resource, and overlapping ranges let the request consume many times the memory the file itself occupies. An attacker who sends a few requests, each carrying hundreds of tiny overlapping ranges, can therefore exhaust a server's memory and make it unresponsive while spending almost no bandwidth. Public attack tools circulated and were used against servers in August 2011 before Apache released the fix. Remediation is to upgrade to 2.2.20 or later (2.2.21 added the MaxRanges directive, default 200, to cap the number of ranges honoured per request); where upgrading is not immediately possible, the Apache advisory's interim workaround was to drop or reject Range headers carrying more than a handful of ranges, or to unset the Range header entirely so clients receive the whole resource with a 200 response.
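The decision logic below is an added example written for this entry; it is not Apache's code and not part of the original page. It parses a Range header, applies the two checks the fixed releases perform (a cap on the number of ranges, and ignoring the header when the ranges together ask for more bytes than the resource holds), and coalesces what is left before it would be served. The MAX_RANGES value of 5 mirrors the 2011 workaround rather than the later MaxRanges default of 200, and attack_header only constructs a header of the shape the Description refers to for testing the check; all function names are this example's own.

```python
import re

# Sample policy: the 2011 advisory workaround rejected requests with more
# than 5 ranges; Apache 2.2.21's MaxRanges directive defaults to 200.
MAX_RANGES = 5

# One byte-range-spec: "first-last", "first-" or "-suffix_length".
_RANGE_SPEC = re.compile(r"^\s*(\d*)\s*-\s*(\d*)\s*$")


def parse_range_header(value):
    """Parse a Range header value such as 'bytes=0-99,200-' into
    (start, end) pairs. A missing start or end is kept as None.
    Anything malformed raises ValueError."""
    unit, sep, specs = value.partition("=")
    if sep != "=" or unit.strip().lower() != "bytes":
        raise ValueError("unsupported or missing range unit")
    ranges = []
    for spec in specs.split(","):
        m = _RANGE_SPEC.match(spec)
        if not m or (m.group(1) == "" and m.group(2) == ""):
            raise ValueError(f"malformed range-spec {spec!r}")
        start = int(m.group(1)) if m.group(1) else None
        end = int(m.group(2)) if m.group(2) else None
        if start is not None and end is not None and end < start:
            raise ValueError(f"range end precedes start in {spec!r}")
        ranges.append((start, end))
    return ranges


def resolve_ranges(ranges, content_length):
    """Map parsed ranges onto a resource of content_length bytes as
    inclusive (first, last) offsets, discarding unsatisfiable ones."""
    resolved = []
    for start, end in ranges:
        if start is None:  # suffix range "-N": the last N bytes
            if end == 0:
                continue
            first = max(0, content_length - end)
            last = content_length - 1
        else:
            if start >= content_length:
                continue
            first = start
            last = content_length - 1 if end is None else min(end, content_length - 1)
        resolved.append((first, last))
    return resolved


def merge_ranges(resolved):
    """Sort and coalesce overlapping or adjacent ranges so no byte is
    emitted twice in the multipart response."""
    merged = []
    for first, last in sorted(resolved):
        if merged and first <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], last))
        else:
            merged.append((first, last))
    return merged


def range_decision(header, content_length, max_ranges=MAX_RANGES):
    """Decide how a server should treat a Range header.

    Returns one of:
      ("reject", reason)        refuse the request outright (workaround behaviour)
      ("full", reason)          ignore Range and send the whole body with 200
      ("unsatisfiable", reason) answer 416, nothing falls inside the resource
      ("partial", ranges)       serve the merged ranges with 206
    """
    try:
        ranges = parse_range_header(header)
    except ValueError as exc:
        return ("full", f"unparseable Range header: {exc}")
    if len(ranges) > max_ranges:
        return ("reject", f"{len(ranges)} ranges exceed limit of {max_ranges}")
    resolved = resolve_ranges(ranges, content_length)
    if not resolved:
        return ("unsatisfiable", "no range falls within the resource")
    requested = sum(last - first + 1 for first, last in resolved)
    if requested > content_length:
        # The 2.2.20 fix: ranges summing to more than the file means the
        # client is not saving anything, so serve the file once instead.
        return ("full", f"ranges request {requested} bytes of a {content_length} byte resource")
    return ("partial", merge_ranges(resolved))


def attack_header(count):
    """Constructed test input: one range covering the whole resource
    followed by `count` small overlapping ranges."""
    return "bytes=0-," + ",".join(f"5-{i}" for i in range(5, 5 + count))
```

Run range_decision against the Range header of an incoming request with the resource's size: a header built by attack_header(200) is rejected on the count check alone, while "bytes=0-,5-5,5-6,5-7,5-8" passes the count check but asks for 1010 bytes of a 1000-byte resource and is downgraded to a full 200 response, the same outcome a patched Apache produces.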