Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The "CVE-2011-3192" page has been changed by wrowe: http://wiki.apache.org/httpd/CVE-2011-3192?action=diff&rev1=12&rev2=13 Versions: Apache 2.0 - all versions prior to 2.2.20 and prior to 2.0.65 Apache 1.3 is NOT vulnerable. - Changes since last update + Draft changes since update 3 - ========================= + ============================ + Note PR #51748. + + Changes since update 2 + ====================== 2.2.20 has a fix, 2.2.21 an improved one. Version 1.3 is not vulnerable. Further regex/rule improvements. Explained DoS. Added wiki link. Highlight fact that LimitRequestFieldSize workaround was insufficient. Changes since update 1 - ========================= + ====================== In addition to the 'Range' header - the 'Request-Range' header is equally affected. Furthermore various vendor updates, improved regexes (speed and accommodating a different and new attack pattern). @@ -46, +50 @@ version 2.2 prior to 2.2.20 are vulnerable. Apache 2.2.20 does fix this issue; however with a number of side effects - (see release notes). Version 2.2.21 corrects a protocol defect in 2.2.20, + (see release notes). Version 2.2.21 corrects a protocol defect in 2.2.20 + (PR 51748 https://issues.apache.org/bugzilla/show_bug.cgi?id=51748 ), and also introduces the MaxRanges directive. Version 2.0.65 has not been released, but will include this fix, and is --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
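Review bot: In the changelog block at the top, the new "Draft changes since update 3" entry says only "Note PR #51748." and gives no hint of what the PR covers or why a reader of the advisory should care. Suggest a one-line summary in the same style as the "Changes since update 2" entries, and drop "Draft" from the heading before this revision is sent out as an update. The reference is written "PR #51748" here and "PR 51748" in the body text, so pick one form.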
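Review bot: In the hunk at @@ -46, +50 @@, the added parenthetical leaves a stray space before the closing bracket ("show_bug.cgi?id=51748 ),") and still does not say what the "protocol defect in 2.2.20" is. Someone running 2.2.20 has to follow the Bugzilla link to judge whether 2.2.21 is needed, so a few words naming the defect next to the PR reference would help, and the bracket should close directly after the URL.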
