httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruiyuan Jiang <>
Subject [users@httpd] Apache httpd Range header remote DoS
Date Fri, 04 Nov 2011 14:59:32 GMT
Hi, all

I have an Apache reverse proxy server (v2.2.21) redirects traffic from http to https for a
back end web server. I don't know the exact version of the back end Apache web server because
Oracle changed the version number but I am sure it is below v2.2.21. Our vulnerability scan
shows that the web site has:

Apache httpd Range header remote DoS (CVE-2011-3192) (apache-httpd-cve-2011-3192)

My question is that front end of Apache reverse proxy hide the back end web server problem,
isn't it? If not, how do I fix the problem besides to upgrade the version of back end Apache
web server? Thanks.

Ryan Jiang
Liz Claiborne, Inc.

This message (including any attachments) is intended
solely for the specific individual(s) or entity(ies) named
above, and may contain legally privileged and
confidential information. If you are not the intended 
recipient, please notify the sender immediately by 
replying to this message and then delete it.
Any disclosure, copying, or distribution of this message,
or the taking of any action based on it, by other than the
intended recipient, is strictly prohibited.

View raw message