Wednesday, August 31, 2011

Apache Byte-Range update fixes vulnerability

The Apache Foundation has published version 2.2.20 of its HTTP server,
in which the critical DoS vulnerability has been eliminated. A large
number of nested byte-range specifications in GET or HEAD requests leads
to high memory usage in the Apache web server. Several such requests
can bring a server to a halt.

A tool demonstrating the problem has been in circulation for a
week. However, no reports of attacks on websites are known.

Administrators can install the patch and reverse the workarounds that
filter or rewrite byte-range information. Under certain circumstances
the workarounds meant that downloads could not be resumed or that
WebDAV did not work properly.
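
One way to express the decision a byte-range filter has to make, as an added example that is not from the original article or from Apache: it parses a Range header value and flags it when it carries too many or overlapping ranges. The threshold `MAX_RANGES`, the function names and the sample headers are assumptions constructed for illustration.

```python
import re

# Assumed threshold, not taken from the article: download resumers and
# similar legitimate clients rarely send more than a few ranges.
MAX_RANGES = 5
_SPEC = re.compile(r"^(\d*)-(\d*)$")

def parse_ranges(header):
    """Return [(first, last), ...] with None for an omitted bound, or None if malformed."""
    unit, sep, specs = header.strip().partition("=")
    if unit.strip().lower() != "bytes" or not sep:
        return None
    ranges = []
    for spec in specs.split(","):
        spec = spec.strip()
        if not spec:
            continue  # empty list elements are skipped
        m = _SPEC.match(spec)
        if not m or (m.group(1) == "" and m.group(2) == ""):
            return None
        first = int(m.group(1)) if m.group(1) else None
        last = int(m.group(2)) if m.group(2) else None
        if first is not None and last is not None and last < first:
            return None
        ranges.append((first, last))
    return ranges or None

def overlapping_pairs(ranges):
    """Count overlapping pairs; suffix ranges such as "-500" have no absolute start and are skipped."""
    spans = sorted((f, float("inf") if l is None else l)
                   for f, l in ranges if f is not None)
    count = 0
    for i, (_, end_i) in enumerate(spans):
        for start_j, _ in spans[i + 1:]:
            if start_j > end_i:
                break  # sorted by start, so no later span can overlap span i
            count += 1
    return count

def should_strip_range(header):
    """True if a filter should drop this Range header before the server handles it."""
    ranges = parse_ranges(header)
    if ranges is None:
        return False  # not a parseable bytes range; left to the server
    return len(ranges) > MAX_RANGES or overlapping_pairs(ranges) > 0

# Constructed sample header values, not captured traffic.
SAMPLES = ["bytes=1000-", "bytes=0-99,200-299", "bytes=0-100,50-150"]
if __name__ == "__main__":
    print({s: should_strip_range(s) for s in SAMPLES})
```

A single open-ended range, as sent when resuming a download, passes this check unchanged, which avoids the resume breakage that stripping every Range header would cause.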
