httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Httpd Wiki] Update of "CVE-2011-3192" by wrowe
Date Fri, 09 Sep 2011 16:04:21 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.

The "CVE-2011-3192" page has been changed by wrowe:
http://wiki.apache.org/httpd/CVE-2011-3192?action=diff&rev1=5&rev2=6

  
     WARNING These directives need to be specified in every configured
     vhost, or inherited from server context as described in:
+    http://httpd.apache.org/docs/current/mod/mod_rewrite.html#vhosts
  
  2) Use mod_headers to completely dis-allow the use of Range headers:
  
@@ -194, +195 @@

  
  4) Deploy a Range header count module as a temporary stopgap measure.
  
+      http://people.apache.org/~dirkx/mod_rangecnt-improved/
+ 
     An improved stop-gap module for the 2.x series was provided by
     Guenter Knauf and can be found at:
+ 
+      http://people.apache.org/~dirkx/mod_rangecnt.c
  
  Note
  ====
@@ -209, +214 @@

  ==================================
  
  Red Hat:        Has additional RHEL specific information at:
+                 https://bugzilla.redhat.com/show_bug.cgi?id=732928
  
  NetWare:        Pre compiled binaries available.
  
  mod_security:   Has updated their rule set; see
+                 http://blog.spiderlabs.com/2011/08/mitigation-of-apache-range-header-dos-attack.html
  
  
  Actions:

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message