httpd-docs mailing list archives

From Apache Wiki <wikidi...@apache.org>
Subject [Httpd Wiki] Update of "CVE-2011-3192" by wrowe
Date Wed, 14 Sep 2011 17:11:31 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.

The "CVE-2011-3192" page has been changed by wrowe:
http://wiki.apache.org/httpd/CVE-2011-3192?action=diff&rev1=12&rev2=13

  Versions:    Apache 2.0 - all versions prior to 2.2.20 and prior to 2.0.65
               Apache 1.3 is NOT vulnerable.
  
- Changes since last update
+ Draft changes since update 3
- =========================
+ ============================
+ Note PR #51748.
+ 
+ Changes since update 2
+ ======================
  2.2.20 has a fix, 2.2.21 an improved one. Version 1.3 is not vulnerable.
  Further regex/rule improvements.  Explained DoS.  Added wiki link.
  Highlight fact that LimitRequestFieldSize workaround was insufficient.
  
  Changes since update 1
- =========================
+ ======================
  In addition to the 'Range' header - the 'Request-Range' header is equally
  affected. Furthermore various vendor updates, improved regexes (speed and
  accommodating a different and new attack pattern).
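Review bot: The new entry under "Draft changes since update 3" reads only "Note PR #51748.", which tells a reader of the advisory nothing about what the PR is or why it is listed. State in the entry that this is the protocol defect in 2.2.20 that 2.2.21 corrects, and cite it the same way the body text does ("PR 51748" followed by the Bugzilla URL) rather than as "PR #51748". The heading also still carries the word "Draft"; drop it or rename the section before this revision goes out as an update.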
@@ -46, +50 @@

  version 2.2 prior to 2.2.20 are vulnerable.
  
  Apache 2.2.20 does fix this issue; however with a number of side effects
- (see release notes). Version 2.2.21 corrects a protocol defect in 2.2.20,
+ (see release notes). Version 2.2.21 corrects a protocol defect in 2.2.20
+ (PR 51748 https://issues.apache.org/bugzilla/show_bug.cgi?id=51748 ),
  and also introduces the MaxRanges directive.
  
  Version 2.0.65 has not been released, but will include this fix, and is
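Review bot: The added parenthetical "(PR 51748 https://issues.apache.org/bugzilla/show_bug.cgi?id=51748 )," links the protocol defect but still does not say what it is, so an administrator on 2.2.20 has to follow the link to judge whether the move to 2.2.21 matters. Add a short clause naming the defect next to the PR reference. The space before the closing parenthesis also reads as a typo; wrapping the URL in angle brackets would keep it separable from the ")" without the stray space.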

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org

