| Message view | « Date » · « Thread » |
|---|---|
| Top | « Date » · « Thread » |
| From | Nick Kew <n...@webthing.com> |
| Subject | Re: CVE-2011-3192: Range header DoS vulnerability in Apache 1.3 and Apache 2 (DRAFT-3) |
| Date | Wed, 24 Aug 2011 20:17:15 GMT |
On Wed, 24 Aug 2011 09:30:34 -0400
Eric Covener <covener@gmail.com> wrote:
> Or more like Ruedigers:
>
> SetEnvIf Range (,[^,]*){5,} bad-range=1
Or just
Untaint HTTP_RANGE (,[^,]*){5,}
Is it time to re-suggest dropping mod_taint into trunk?
--
Nick Kew
| |
| Mime |
|
| View raw message | |