DmC Posted November 7, 2011 Share Posted November 7, 2011 I see that on stevie we use apache version 2.2.16. However, in version 2.2.20 a bug was fixed: A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. This could be used in a denial of service attack. If someone exploits that, he could suspend accounts due to over-use of CPU and RAM.Right? I'm not sure about it (coz i'm not sure if httpd runs per account or per server.. ) or if its applicable in our case, but i posted it just in case you've missed it or smth. Feel free to delete it if its irrelevant. Quote Link to comment Share on other sites More sharing options...
Guest xaav Posted November 7, 2011 Share Posted November 7, 2011 We've been meaning to recompile apache, but have never gotten around to it. Also, we have other procedures in place that should protect us from this type of attack. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.