On Wed, Aug 31, 2011 at 6:22 AM, Paul Reilly <[email protected]> wrote: > Why is there no information about the recent header Rang DoS vulnerability > in Apache on the Apache security page? > > http://httpd.apache.org/security/ > > I would have expected at least to see some mention of it, and possible > work-arounds.
Only vulnerabilities which are fixed in a release are listed there. As 2.2.20 is now released, the corresponding 2.2 security page has been updated. An advisory is available with more detailed information about the vulnerability, including workarounds. The most recent version is at http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%[email protected]%3E --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [email protected] " from the digest: [email protected] For additional commands, e-mail: [email protected]
