Friday, December 30, 2011

Important Apache (httpd) Security Update

An important security update for httpd is available. It is the solution for:
  1. 'Devastating' Apache bug leaves servers exposed
  2. Apache released 2nd workaround for 'Devastating' Apache bug


A description of the bugs can be found at CVE-2011-3192:

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.

Solution:

# yum update httpd
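
For reviewing logged Range headers on servers that have not been updated yet, the sketch below resolves a header value to byte offsets and flags values that carry many ranges or several overlapping ones, the pattern the CVE description names. It is an added example, not code from Apache or from this post; the thresholds, function names and sample values are assumptions made for illustration.

```python
import re

# Assumed alerting thresholds for this example (not values from the advisory).
MAX_RANGES = 5
MAX_OVERLAPS = 1
_SPEC = re.compile(r"^(\d*)-(\d*)$")

def parse_ranges(header, size):
    """Resolve a 'bytes=' Range value to (first, last) offsets for a resource
    of `size` bytes. Returns None when the value is not a valid byte-range set."""
    unit, sep, specs = header.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    resolved = []
    for spec in specs.split(","):
        m = _SPEC.match(spec.strip())
        if not m or m.group(0) == "-":
            return None
        first, last = m.groups()
        if first == "":                      # suffix form "-N": the last N bytes
            lo, hi = max(size - int(last), 0), size - 1
        else:                                # "A-B" or open-ended "A-"
            lo = int(first)
            hi = min(int(last), size - 1) if last else size - 1
        if lo <= hi:                         # drop unsatisfiable ranges
            resolved.append((lo, hi))
    return resolved

def count_overlaps(ranges):
    """Count ranges that begin inside bytes already covered by an earlier
    range, using a single sweep over the ranges sorted by start offset."""
    overlaps, covered_to = 0, -1
    for lo, hi in sorted(ranges):
        if lo <= covered_to:
            overlaps += 1
        covered_to = max(covered_to, hi)
    return overlaps

def is_suspicious(header, size):
    """Flag a Range value with too many ranges or too many overlapping ones."""
    ranges = parse_ranges(header, size)
    if ranges is None:       # malformed value is not scored by this check
        return False
    return len(ranges) > MAX_RANGES or count_overlaps(ranges) > MAX_OVERLAPS

# Constructed sample Range values, checked against a 1000-byte resource.
SAMPLES = ["bytes=0-499", "bytes=0-499,-100", "bytes=0-100,50-150,75-200,10-20",
           "bytes=0-0,2-2,4-4,6-6,8-8,10-10"]

if __name__ == "__main__":
    for value in SAMPLES:
        print(is_suspicious(value, 1000), value)
```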
