Apache Fixes Range Header Flaw, Again

Apache Fixes Range Header Flaw, Again 21

Posted by samzenpus on Wednesday September 14, 2011 @05:09PM from the got-it-this-time dept.

Trailrunner7 writes "Two weeks after releasing a fix for the range-header denial-of-service flaw that was much-discussed on security forums and mailing lists, the Apache Software Foundation has pushed out another version of its popular Web server that includes a further fix for the same flaw. Apache 2.2.21 has a patch for the CVE-2011-3192 vulnerability that the group previously fixed in late August with the release of version 2.2.20. The vulnerability is an old one that recently resurfaced after a researcher published an advisory on a modified version of the bug and also released a tool capable of exploiting the vulnerability."

Apache Fixes Range Header Flaw, Again

This discussion has been archived. No new comments can be posted.

Search 21 Comments Log In/Create an Account

Comments Filter:

Re:Quick fixes (Score:2, Funny)

by Anonymous Coward writes: on Wednesday September 14, 2011 @05:38PM (#37403826)

meh, it's open source, why should you wait for apache to fix it for you? You can fix it yourself.
I set up apache on my grandmother's linux computer so she can share photos over webdav (she likes to gimp her pictures). I stopped by a couple days ago to update apache but to my surprise, she had already heard about the bug, downloaded the source code, got a master's degree in computer science, and fixed it herself.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Apache Fixes Range Header Flaw, Again 21

Apache Fixes Range Header Flaw, Again More Login

Apache Fixes Range Header Flaw, Again

Re:Quick fixes (Score:2, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot