httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <traw...@gmail.com>
Subject Re: [users@httpd] CVE-2011-3192 fix for Apache 2.0.x
Date Fri, 09 Sep 2011 00:15:01 GMT
On Thu, Sep 8, 2011 at 7:56 PM,  <Bryan.Laipple@gdc4s.com> wrote:
> Hello,
>
> The description for security vulnerability CVE-2011-3192
> (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192) notes that
> it applies to Apache HTTP Server 2.0.x through 2.0.64.  A fix has been
> applied and available in the 2.2.x version, but currently there is not
> one for 2.0.x.
>
> Is 2.0.x truly vulnerable and is there an estimated time when a fix will
> be available?

2.0.x is as vulnerable as 2.2.x.

This is being discussed to some extent on the developer mailing list
(dev@httpd.apache.org).

http://httpd.apache.org/lists.html#http-dev

Check the archives for such a question earlier today.

Check the overloaded thread "[PATCH] byterange patch for 2.2.20" for
an initial, unreviewed patch for 2.0.64.




>
> Thank you,
>
> Bryan Laipple
> Software Engineer
>
> GENERAL DYNAMICS C4 Systems
> 8201 E. McDowell Road
> Scottsdale, AZ 85257
> H8175-028
> Office: 480-441-4064
> bryan.laipple@gdc4s.com
>
> This message and/or attachments may include information subject to GDC4S
> S.P. 1.8.6 and GD Corporate Policy 07-105 and are intended to be
> accessed only by authorized recipients. Use, storage and transmission
> are governed by General Dynamics and its policies. Contractual
> restrictions apply to third parties. Recipients should refer to the
> policies or contract to determine proper handling. Unauthorized review,
> use, disclosure or distribution is prohibited. If you are not an
> intended recipient, please contact the sender and destroy all copies of
> the original message.
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>



-- 
Born in Roswell... married an alien...

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message