[Info-vax] 'Kill tool' released for unpatched Apache server vulnerability
niv
nivwiz at gmail.com
Tue Aug 30 10:14:31 EDT 2011
Applied this (the normal "unset" doesn't work in Apache HTTPD 2.0.x,
see http://serverfault.com/questions/305032/applying-header-range-fix-to-apache-2-0-59-issue-cve-2011-3192).
# Drop Range header when more than 5 ranges
# CVE-2011-3192
SetEnvIf Range (,.*?){5,} bad-range=1
RequestHeader set Range "dummy" env=bad-range
# This doesn't work in Apache HTTPD 2.0.x:
#RequestHeader unset Range env=bad-range
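
Added example, not part of the original post: a Python model of the rule above, showing which Range values the SetEnvIf pattern flags and what the request looks like afterwards. The function names and sample values are constructed for illustration, and Python's re is assumed to match this pattern the same way Apache's PCRE does.

```python
import re

# Same pattern as the SetEnvIf line in the post. It counts commas, so it
# fires at 5 commas, i.e. 6 or more comma-separated range specs.
BAD_RANGE = re.compile(r"(,.*?){5,}")


def count_ranges(value):
    """Number of non-empty comma-separated specs in a Range header value."""
    _, _, specs = value.partition("=")
    return len([s for s in specs.split(",") if s.strip()])


def apply_rule(headers, unset_supported=False):
    """Return the request headers after the rule has run.

    unset_supported=False models the 2.0.x workaround (Range set to "dummy");
    True models the commented-out 'RequestHeader unset' variant.
    Simplification: the header is looked up under the exact key "Range".
    """
    out = dict(headers)
    rng = out.get("Range")
    if rng is not None and BAD_RANGE.search(rng):  # bad-range=1
        if unset_supported:
            del out["Range"]
        else:
            out["Range"] = "dummy"
    return out


# Constructed sample values, not taken from real traffic.
SAMPLES = [
    "bytes=0-99",
    "bytes=0-9,10-19,20-29,30-39,40-49",        # 5 ranges, 4 commas
    "bytes=0-9,10-19,20-29,30-39,40-49,50-59",  # 6 ranges, 5 commas
    "bytes=0-9,,,,,",                           # 1 range, 5 commas
]

if __name__ == "__main__":
    for value in SAMPLES:
        after = apply_rule({"Range": value})["Range"]
        print(f"{count_ranges(value)} range(s)  {value!r} -> {after!r}")
```

The last sample shows that the pattern keys on the number of commas rather than on well-formed ranges, so a value with one range and five commas is rewritten as well.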