Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-cqa7-5n1m-4kem
Vulnerability ID VCID-cqa7-5n1m-4kem
Aliases CVE-2011-3192
Summary A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. This could be used in a denial of service attack. Advisory: CVE-2011-3192.txt
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.90456 https://api.first.org/data/v1/epss?cve=CVE-2011-3192
epss 0.90865 https://api.first.org/data/v1/epss?cve=CVE-2011-3192
apache_httpd important https://httpd.apache.org/security/json/CVE-2011-3192.json
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3192.json
https://api.first.org/data/v1/epss?cve=CVE-2011-3192
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
732928 https://bugzilla.redhat.com/show_bug.cgi?id=732928
CVE-2011-3192 https://httpd.apache.org/security/json/CVE-2011-3192.json
CVE-2014-5329;OSVDB-74721;CVE-2011-3192 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/18221.c
CVE-2014-5329;OSVDB-74721;CVE-2011-3192 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/17696.pl
GLSA-201206-25 https://security.gentoo.org/glsa/201206-25
RHSA-2011:1245 https://access.redhat.com/errata/RHSA-2011:1245
RHSA-2011:1294 https://access.redhat.com/errata/RHSA-2011:1294
RHSA-2011:1300 https://access.redhat.com/errata/RHSA-2011:1300
RHSA-2011:1329 https://access.redhat.com/errata/RHSA-2011:1329
RHSA-2011:1330 https://access.redhat.com/errata/RHSA-2011:1330
USN-1199-1 https://usn.ubuntu.com/1199-1/
Data source Exploit-DB
Date added Aug. 19, 2011
Description Apache - Remote Memory Exhaustion (Denial of Service)
Ransomware campaign use Unknown
Source publication date Aug. 19, 2011
Exploit type dos
Platform multiple
Source update date Aug. 19, 2011
Data source Metasploit
Description The byterange filter in the Apache HTTP Server 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, exploit called "Apache Killer".
Note 
AKA:
  - Apache Killer
Stability:
  - crash-service-down
SideEffects: []
Reliability: []
Ransomware campaign use Unknown
Source publication date Aug. 19, 2011
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/dos/http/apache_range_dos.rb
Exploit Prediction Scoring System (EPSS)
Percentile 0.99626
EPSS Score 0.90456
Published At June 5, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-02T04:53:38.765767+00:00 Apache HTTPD Importer Import https://httpd.apache.org/security/json/CVE-2011-3192.json 38.6.0