httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <n...@webthing.com>
Subject Re: CVE-2011-3192: Range header DoS vulnerability in Apache 1.3 and Apache 2 (DRAFT-3)
Date Wed, 24 Aug 2011 20:17:15 GMT
On Wed, 24 Aug 2011 09:30:34 -0400
Eric Covener <covener@gmail.com> wrote:

> Or more like Ruedigers:
> 
> SetEnvIf Range (,[^,]*){5,} bad-range=1

Or just
Untaint HTTP_RANGE (,[^,]*){5,}

Is it time to re-suggest dropping mod_taint into trunk?

-- 
Nick Kew

Mime
View raw message