OVHcloud Bare Metal Cloud Status

Current status
Legend
  • Operational
  • Degraded performance
  • Partial Outage
  • Major Outage
  • Under maintenance
FS#5732 — Apache DoS vulnerability (range header)
Incident Report for Bare Metal Cloud
Resolved
A denial of service vulnerability has been found in Apache web server.
All versions of Apache 1.3.x and 2.x.x are vulnerable.

Official patch has not yet been published by the Apache team. Attack tools are wildly available.
You'll find details on this issue and some temporary fix here :
http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110826103531.998348F82@minotaur.apache.org%3e

A patch for Release 1 and Release 2 distros is already available.

Update(s):

Date: 2011-09-01 15:54:40 UTC
Fixed distros :
Debian http://www.debian.org/security/2011/dsa-2298.en.html
Redhat http://rhn.redhat.com/errata/RHSA-2011-1245.html

>From source, Apache 2.2.20 is available :
http://mirror.ovh.net/ftp.apache.org/dist/httpd/
Posted Aug 27, 2011 - 13:16 UTC