DmC Posted November 7, 2011 Posted November 7, 2011 I see that on stevie we use apache version 2.2.16. However, in version 2.2.20 a bug was fixed: A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. This could be used in a denial of service attack. If someone exploits that, he could suspend accounts due to over-use of CPU and RAM.Right? I'm not sure about it (coz i'm not sure if httpd runs per account or per server.. ) or if its applicable in our case, but i posted it just in case you've missed it or smth. Feel free to delete it if its irrelevant.
Guest xaav Posted November 7, 2011 Posted November 7, 2011 We've been meaning to recompile apache, but have never gotten around to it. Also, we have other procedures in place that should protect us from this type of attack.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now