Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:DLINK-DIR605L-CAPTCHA-BOF1 |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Dlink D-Link DIR-605L Improper Variable Parsing Buffer Overflow1 |
Release Date |
2015/09/30 |
Update Number |
2541 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Dlink D-Link DIR-605L Improper Variable Parsing Buffer Overflow1
This signature detects attempts to exploit a known vulnerability in D-Link DIR-605L Wireless N300 Cloud Router. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted service.
Extended Description
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
Affected Products
- Apache http_server 1.3
- Apache http_server 1.3.0
- Apache http_server 1.3.1
- Apache http_server 1.3.10
- Apache http_server 1.3.11
- Apache http_server 1.3.1.1
- Apache http_server 1.3.12
- Apache http_server 1.3.13
- Apache http_server 1.3.14
- Apache http_server 1.3.15
- Apache http_server 1.3.16
- Apache http_server 1.3.17
- Apache http_server 1.3.18
- Apache http_server 1.3.19
- Apache http_server 1.3.2
- Apache http_server 1.3.20
- Apache http_server 1.3.22
- Apache http_server 1.3.23
- Apache http_server 1.3.24
- Apache http_server 1.3.25
- Apache http_server 1.3.26
- Apache http_server 1.3.27
- Apache http_server 1.3.28
- Apache http_server 1.3.29
- Apache http_server 1.3.3
- Apache http_server 1.3.30
- Apache http_server 1.3.31
- Apache http_server 1.3.32
- Apache http_server 1.3.33
- Apache http_server 1.3.34
- Apache http_server 1.3.35
- Apache http_server 1.3.36
- Apache http_server 1.3.37
- Apache http_server 1.3.38
- Apache http_server 1.3.39
- Apache http_server 1.3.4
- Apache http_server 1.3.41
- Apache http_server 1.3.42
- Apache http_server 1.3.5
- Apache http_server 1.3.6
- Apache http_server 1.3.65
- Apache http_server 1.3.68
- Apache http_server 1.3.7
- Apache http_server 1.3.8
- Apache http_server 1.3.9
- Apache http_server 2.0
- Apache http_server 2.0.28
- Apache http_server 2.0.32
- Apache http_server 2.0.34
- Apache http_server 2.0.35
- Apache http_server 2.0.36
- Apache http_server 2.0.37
- Apache http_server 2.0.38
- Apache http_server 2.0.39
- Apache http_server 2.0.40
- Apache http_server 2.0.41
- Apache http_server 2.0.42
- Apache http_server 2.0.43
- Apache http_server 2.0.44
- Apache http_server 2.0.45
- Apache http_server 2.0.46
- Apache http_server 2.0.47
- Apache http_server 2.0.48
- Apache http_server 2.0.49
- Apache http_server 2.0.50
- Apache http_server 2.0.51
- Apache http_server 2.0.52
- Apache http_server 2.0.53
- Apache http_server 2.0.54
- Apache http_server 2.0.55
- Apache http_server 2.0.56
- Apache http_server 2.0.57
- Apache http_server 2.0.58
- Apache http_server 2.0.59
- Apache http_server 2.0.60
- Apache http_server 2.0.61
- Apache http_server 2.0.63
- Apache http_server 2.0.64
- Apache http_server 2.0.9
- Apache http_server 2.2.0
- Apache http_server 2.2.1
- Apache http_server 2.2.10
- Apache http_server 2.2.11
- Apache http_server 2.2.12
- Apache http_server 2.2.13
- Apache http_server 2.2.14
- Apache http_server 2.2.15
- Apache http_server 2.2.16
- Apache http_server 2.2.18
- Apache http_server 2.2.19
- Apache http_server 2.2.2
- Apache http_server 2.2.3
- Apache http_server 2.2.4
- Apache http_server 2.2.6
- Apache http_server 2.2.8
- Apache http_server 2.2.9
References
- BugTraq: 49303
- CVE: CVE-2011-3192
- URL: http://seclists.org/fulldisclosure/2011/Aug/175