Is the Access Gateway Service susceptible to Apache HTTP Server Byte Range DoS: CVE-2011-3192

  • 7009308
  • 07-Sep-2011
  • 26-Apr-2012


Novell Access Manager 3.1 Access Gateway Service (AGS)
AGS running on Windows and Linux platforms
Novell Access Manager 3.1 SUpport Pack 3 Interim Release 2 applied


There has been a recent report of a vulnerability against Apache HTTP Server with a Byte Range DoS (CVE-2011-3192). Novell Access Manager ships with an Apache proxy server, whose version (v 2.2-13) is within the range of versions that could be susceptible to this vulnerability.


The Access Gateway service is not vulnerable to this DoS. There is a script available at that allows you to test out the vulnerability. Running the test against the AGS shows that the code is not vulnerable.

ncsles11xen:~ # perl 50
Host does not seem vulnerable