httpd-docs mailing list archives

From Apache Wiki <wikidi...@apache.org>
Subject [Httpd Wiki] Update of "CVE-2011-3192" by wrowe
Date Fri, 09 Sep 2011 23:40:01 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.

The "CVE-2011-3192" page has been changed by wrowe:
http://wiki.apache.org/httpd/CVE-2011-3192?action=diff&rev1=6&rev2=7

Comment:
several grammatical and time clarifications

  
  This vulnerability concerns a 'Denial of Service' attack. This means that
  a remote attacker, under the right circumstances, is able to slow your
- service or server down to a craw. Leaving it unable to serve legitimate
- clients in a timely manner.
+ service or server down to a crawl or exhausting memory available to serve
+ requests, leaving it unable to serve legitimate clients in a timely manner.
  
  There are no indications that this leads to a remote exploit; where a
  third party can compromise your security and gain foothold of the server
  itself. The result of this vulnerability is purely one of denying service
- by grinding your server down to an halt.
+ by grinding your server down to a halt and refusing additional connections
+ to the server.
  
  Background and the 2007 report
  ==============================
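Review bot: In the first changed sentence, "or exhausting memory available to serve requests" does not parallel "is able to slow your service or server down", so the sentence no longer parses; suggest "is able to slow your service or server down to a crawl, or to exhaust the memory available to serve requests, leaving it unable to serve legitimate clients in a timely manner." The second change adds "refusing additional connections to the server" as a result, which is an impact statement rather than a grammatical fix; it would help to say whether that follows from the memory exhaustion named in the first paragraph, so the two paragraphs describe the same failure. The unchanged context line "remote exploit; where a third party can compromise your security and gain foothold of the server" could be cleaned up in the same pass (comma instead of semicolon, "gain a foothold on").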
@@ -96, +97 @@

  FIX
  ====
  
- This vulnerability has been fixed in release 2.2.20  and beyond. You are
+ This vulnerability has been fixed in release 2.2.20 and further corrected
- advised to upgrade to version 2.2.21 (or newer, or 2.0.65 once that version
- is published).
+ in 2.2.21. You are advised to upgrade to version 2.2.21 (or newer) or the
+ legacy 2.0.65 release, once these are published.  The 2.2.21 package is
+ currently undergoing review, and a 2.0.65 package is also expected during
+ this month.
  
- If you cannot upgrade - you can apply a Patch and recompile:
+ If you cannot upgrade, or cannot wait to upgrade - you can apply the 
+ appropriate source code patch and recompile a recent existing version;
  
    http://www.apache.org/dist/httpd/patches/apply_to_2.2.14/ (for 2.2.9 - .14)
    http://www.apache.org/dist/httpd/patches/apply_to_2.2.19/ (for 2.2.15 - .19)
    http://www.apache.org/dist/httpd/patches/apply_to_2.0.64/ (for 2.0.55 - .64)
  
  If you cannot upgrade and/or cannot apply above patches in a timely manner
- then you could consider to apply te mitigations suggested below.
+ then you should consider to apply one or more of the mitigation suggested below.
  
  CAVEATS
  =======
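Review bot: The new FIX paragraph says the issue "has been fixed in release 2.2.20 and further corrected in 2.2.21" but then advises upgrading only to 2.2.21 or 2.0.65 "once these are published", so a reader cannot tell whether installing 2.2.20 now is recommended or whether to wait; state explicitly what to run in the meantime and what 2.2.21 corrects relative to 2.2.20. The phrases "currently undergoing review" and "during this month" will go stale on a wiki page; suggest an absolute date or a "last updated" line. Smaller points: the line ending "recompile a recent existing version;" introduces the URL list and should end with a colon, there is trailing whitespace after "you can apply the", and the last changed line should read "then you should consider applying one or more of the mitigations suggested below."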
