•   22 September 2011 2:46 am
  •  

VPS/Dedicated with LAMP -> Security Vulnerability - Apache Killer, upgrade to 2.2.20

An exploit was posted to full-disclosure labelled “Apache Killerâ€. This script
creates a number of threads that use multiple Range headers to exhaust memory
on the Apache server.

Read more about it from https://bugzilla.redhat.com/show_bug.cgi?id=732928#c30

New version of apache is available for Directadmin and cPanel. So please upgrade the apache to 2.2.20

Changes with Apache 2.2.20

*) SECURITY: CVE-2011-3192 (cve.mitre.org)
core: Fix handling of byte-range requests to use less memory, to avoid
denial of service. If the sum of all ranges in a request is larger than
the original file, ignore the ranges and send the complete file.
PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener]

Comments

  Add Comment

Confirm Submission

Please enter the text from the image in the box provided; this helps us to prevent spam.