Jump to content

Apache Question

DmC

By DmC
in Customer Service

 Share

Recommended Posts

DmC Contributor

DmC

Posted
Posted

I see that on stevie we use apache version 2.2.16.

 

However, in version 2.2.20 a bug was fixed:

 

A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. This could be used in a denial of service attack.

 

If someone exploits that, he could suspend accounts due to over-use of CPU and RAM.

Right?

 

I'm not sure about it (coz i'm not sure if httpd runs per account or per server.. :P) or if its applicable in our case, but i posted it just in case you've missed it or smth. :)

 

Feel free to delete it if its irrelevant.

Guest xaav

Guest xaav

Posted
Posted

We've been meaning to recompile apache, but have never gotten around to it. Also, we have other procedures in place that should protect us from this type of attack.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...