http-vuln-cve2011-3192
脚本使用类型:
portrule
脚本所属分类:
vuln, safe
脚本下载地址: http://nmap.org/svn/scripts/http-vuln-cve2011-3192.nse
Detects a denial of service vulnerability in the way the Apache web server handles requests for multiple overlapping/simple ranges of a page.
References:
Define the request path
Define the host name to be used in the HEAD request sent to the server
执行格式
nmap --script http-vuln-cve2011-3192.nse [--script-args http-vuln-cve2011-3192.hostname=nmap.scanme.org] -pT:80,443 <host>
Host script results: | http-vuln-cve2011-3192: | VULNERABLE: | Apache byterange filter DoS | State: VULNERABLE | IDs: CVE:CVE-2011-3192 OSVDB:74721 | Description: | The Apache web server is vulnerable to a denial of service attack when numerous | overlapping byte ranges are requested. | Disclosure date: 2011-08-19 | References: | http://seclists.org/fulldisclosure/2011/Aug/175 | http://nessus.org/plugins/index.php?view=single&id=55976 | http://osvdb.org/74721 |_ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
Author: Duarte Silva <duarte.silva@serializing.me>
License: VER007 整理 http://www.ver007.com