Wednesday, August 31, 2011

Apache 2.2.20 released to fix DoS vulnerability

This afternoon the Apache Foundation released an awaited fix to the denial of service (DoS) vulnerability reported a few days ago.

The fixes in version 2.2.20 of the Apache httpd server reduce the amount of memory that is used by range requests. If the total bytes of a file requested exceed the total file size, httpd will return the entire file.

This follows closely on the heels of a tool released to the Full Disclosure mailing list this week that exploits the flaw.

Read more: Naked security
QR: https://chart.googleapis.com/chart?chs=80x80&cht=qr&choe=UTF-8&chl=http://nakedsecurity.sophos.com/2011/08/31/apache-2-2-20-released-to-fix-dos-vulnerability/

Posted via email from Jasper-Net