[Bug 839569] Re: Apache2 is still Range header DoS vulnerable if gzip compression is enabled
Steve Beattie
sbeattie at ubuntu.com
Wed Sep 7 06:22:12 UTC 2011
Paweł,

Can you confirm that sending a request with an overlapping byte range,
e.g.:

    HEAD / HTTP/1.1
    Host: localhost
    Range:bytes=1-15,10-35,8-9,14-22,0-5,23-
    Accept-Encoding: gzip
    Connection: close

returns "200 OK"?

Perhaps you could report what modules you have loaded? "apache2ctl -t -D
DUMP_MODULES" will do it.

I'm going to leave this bug open and make it public, as I've received
another report via email of a lucid user claiming that the update didn't
help their system, either, and if possible, I'd like them to chime in
here, too.

** Visibility changed to: Public

--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in Ubuntu.
https://bugs.launchpad.net/bugs/839569
Title:
Apache2 is still Range header DoS vulnerable if gzip compression is
enabled
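
Added example, not part of the original message and not Apache's own code: a Python check that parses a Range header value like the one in the test request above and lists which byte ranges overlap, which is what a log or proxy filter would look for. The function names are hypothetical; suffix ranges such as "-500" are skipped in the overlap check because their position depends on the resource length.

```python
import math
import re

# One byte-range-spec: "first-last", "first-" (open-ended) or "-suffix".
_SPEC = re.compile(r"^(\d*)-(\d*)$")


def parse_ranges(header_value):
    """Parse a Range header value into a list of (first, last) tuples.

    last is math.inf for an open-ended range ("23-"); a suffix range
    ("-500") is returned as (None, n). Raises ValueError on bad syntax.
    """
    unit, sep, specs = header_value.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        raise ValueError("not a bytes range: %r" % header_value)
    ranges = []
    for spec in specs.split(","):
        m = _SPEC.match(spec.strip())
        if not m or (m.group(1) == "" and m.group(2) == ""):
            raise ValueError("bad range spec: %r" % spec)
        first, last = m.group(1), m.group(2)
        if first == "":
            ranges.append((None, int(last)))        # suffix range
        elif last == "":
            ranges.append((int(first), math.inf))   # open-ended range
        elif int(last) < int(first):
            raise ValueError("last < first in %r" % spec)
        else:
            ranges.append((int(first), int(last)))
    return ranges


def overlapping_pairs(ranges):
    """Return every pair of ranges that shares at least one byte."""
    known = sorted(r for r in ranges if r[0] is not None)  # skip suffix ranges
    pairs = []
    for i, (a_first, a_last) in enumerate(known):
        for b_first, b_last in known[i + 1:]:
            if b_first > a_last:
                break  # sorted by first byte, so no later range overlaps a
            pairs.append(((a_first, a_last), (b_first, b_last)))
    return pairs


# Header value taken from the request in the message above.
SAMPLE = "bytes=1-15,10-35,8-9,14-22,0-5,23-"
```
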