[Phpwm] Apache DoS vulnerability
Rob Allen
rob at akrabat.com
Sat Aug 27 20:13:44 UTC 2011
Thanks for the heads-up, David. I'm back from a week's holiday today, so have updated my Apache conf files appropriately with the info from http://lwn.net/Articles/456513/
Regards,
Rob..
On 25 Aug 2011, at 14:47, David Goodwin wrote:
>
> On 25 Aug 2011, at 14:31, Martin Meredith wrote:
>
>> Nice little command there David.
>>
>> Dan, the one with the 206 is vulnerable.
>>
>> Luckily, I spent the morning patching...
>
> I did that stuff last night; I think.
>
> If you have e.g. PHP answering /, (e.g. via rewrite etc etc) then I think you just need to change the URL to point to a static image (e.g. /favicon.ico) - then it'll work.
>
> If it returns a Content-Length > 90k then you're vulnerable.
>
>
> See lwn.net for a good article/post etc on the problem. I used the headers module to remove the range thing approach.
>
>
> thanks,
>
>
> David.