From: Apache Wiki
To: Apache Wiki
Date: Fri, 09 Sep 2011 16:04:21 -0000
Message-ID: <20110909160421.4908.53536@eos.apache.org>
Subject: [Httpd Wiki] Update of "CVE-2011-3192" by wrowe

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.

The "CVE-2011-3192" page has been changed by wrowe:
http://wiki.apache.org/httpd/CVE-2011-3192?action=diff&rev1=5&rev2=6

= WARNING These directives need to be specified in every configured vhost, or inherited from server context as described in: + http://httpd.apache.org/docs/current/mod/mod_rewrite.html#vhosts = 2) Use mod_headers to completely dis-allow the use of Range headers: = @@ -194, +195 @@ = 4) Deploy a Range header count module as a temporary stopgap measure. = + http://people.apache.org/~dirkx/mod_rangecnt-improved/ + = An improved stop-gap module for the 2.x series was provided by Guenter Knauf and can be found at: + = + http://people.apache.org/~dirkx/mod_rangecnt.c = Note =3D=3D=3D=3D @@ -209, +214 @@ =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D = Red Hat: Has additional RHEL specific information at: + https://bugzilla.redhat.com/show_bug.cgi?id=3D732928 = NetWare: Pre compiled binaries available. = mod_security: Has updated their rule set; see + http://blog.spiderlabs.com/2011/08/mitigation-of-apache-r= ange-header-dos-attack.html = = Actions:
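
Review bot: In the hunk at @@ -194, +195 @@, the two added URLs look swapped: mod_rangecnt-improved/ is placed under item 4's sentence about the basic Range header count module, while mod_rangecnt.c follows the sentence announcing Guenter Knauf's improved module for the 2.x series. Suggest putting http://people.apache.org/~dirkx/mod_rangecnt.c under item 4 and http://people.apache.org/~dirkx/mod_rangecnt-improved/ after "can be found at:", so that someone working through the stopgap options gets the module each sentence describes. Item 4's sentence also still ends in a period although a link now follows it; a colon would match the other entries ("described in:", "information at:").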