CentOS: Apache Security
- - 2.2.20 - Range header DoS vulnerability
  - 2.2.19 - apr_fnmatch flaw leads to mod_autoindex remote DoS

CentOS: Apache Security

CentOS 5 ships with Apache 2.2.12 by default. Security releases that affect this version are documented here.

2.2.20 - Range header DoS vulnerability

CVE-2011-3192

Denial of service attack. Some mitigation options exist.

Use mod_headers to completely dis-allow the use of Range headers

RequestHeader unset Range

Note that this may break certain clients - such as those used for e-Readers and progressive/http-streaming video.

Furthermore to ignore the Netscape Navigator 2-3 and MSIE 3 specific legacy header - add:

RequestHeader unset Request-Range

2.2.19 - apr_fnmatch flaw leads to mod_autoindex remote DoS

Denial of service attack.

Setting the IgnoreClient option to the IndexOptions directive disables processing of the client-supplied request query arguments, preventing this attack.

IndexOptions IgnoreClient

Table of Contents

CentOS: Apache Security

2.2.20 - Range header DoS vulnerability

Use mod_headers to completely dis-allow the use of Range headers

2.2.19 - apr_fnmatch flaw leads to mod_autoindex remote DoS

Search

Toolbox