[Phpwm] Apache DoS vulnerability

David Goodwin david at codepoets.co.uk
Thu Sep 1 14:37:53 UTC 2011

Yes, they (Apache) have released a fix - 


But I think Debian rolled their own fix - as per 

"Fix handling of byte-range requests to use less memory, to avoid denial of service. If the sum of all ranges in a request is larger than the original file, ignore the ranges and send the complete file." 

and :


Although once released through Debian you would expect Ubuntu to effectively deploy the same fix and so on....


On 1 Sep 2011, at 14:12, Charles Barnwell wrote:

> Well, my good old Debian Lenny system had an update for apache
> yesterday. No sign of an update for Ubuntu yet.
> Charles
> On 27 August 2011 21:13, Rob Allen <rob at akrabat.com> wrote:
>> Thanks for the heads-up, David.  I'm back from a week's holiday today, so have updated my apache conf files appropriately with the info from http://lwn.net/Articles/456513/
>> Regards,
>> Rob..
> _______________________________________________
> Phpwm mailing list
> Website : http://www.phpwm.org
> Twitter : http://www.twitter.com/phpwm
> Facebook: http://www.facebook.com/group.php?gid=2361609907
> Post to list: Phpwm at mailman.lug.org.uk
> Archive etc : https://mailman.lug.org.uk/mailman/listinfo/phpwm

More information about the Phpwm mailing list