FS#1752 — FS#5732 — Apache DoS vulnerability (range header)
Attached to Project— Distributions/OS
Incident | |
Linux | |
CLOSED | |
![]() |
A denial of service vulnerability has been found in Apache web server.
All versions of Apache 1.3.x and 2.x.x are vulnerable.
Official patch has not yet been published by the Apache team. Attack tools are wildly available.
You'll find details on this issue and some temporary fix here :
http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110826103531.998348F82@minotaur.apache.org%3e
A patch for Release 1 and Release 2 distros is already available.
Date: Thursday, 29 September 2011, 12:45PMAll versions of Apache 1.3.x and 2.x.x are vulnerable.
Official patch has not yet been published by the Apache team. Attack tools are wildly available.
You'll find details on this issue and some temporary fix here :
http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110826103531.998348F82@minotaur.apache.org%3e
A patch for Release 1 and Release 2 distros is already available.
Reason for closing: Done
Fixed distros :
Debian http://www.debian.org/security/2011/dsa-2298.en.html
Redhat http://rhn.redhat.com/errata/RHSA-2011-1245.html
>From source, Apache 2.2.20 is available :
http://mirror.ovh.net/ftp.apache.org/dist/httpd/