rssLink RSS for all categories
 
icon_red
icon_green
icon_red
icon_red
icon_blue
icon_green
icon_green
icon_red
icon_red
icon_red
icon_orange
icon_green
icon_green
icon_green
icon_green
icon_blue
icon_red
icon_orange
icon_red
icon_red
icon_red
icon_red
icon_green
icon_red
icon_red
icon_red
icon_red
icon_orange
icon_green
 

FS#1752 — FS#5732 — Apache DoS vulnerability (range header)

Attached to Project— Distributions/OS
Incident
Linux
CLOSED
100%
A denial of service vulnerability has been found in Apache web server.
All versions of Apache 1.3.x and 2.x.x are vulnerable.

Official patch has not yet been published by the Apache team. Attack tools are wildly available.
You'll find details on this issue and some temporary fix here :
http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110826103531.998348F82@minotaur.apache.org%3e

A patch for Release 1 and Release 2 distros is already available.
Date:  Thursday, 29 September 2011, 12:45PM
Reason for closing:  Done
Comment by OVH - Thursday, 01 September 2011, 17:54PM

Fixed distros :
Debian http://www.debian.org/security/2011/dsa-2298.en.html
Redhat http://rhn.redhat.com/errata/RHSA-2011-1245.html

>From source, Apache 2.2.20 is available :
http://mirror.ovh.net/ftp.apache.org/dist/httpd/