Security 10809 Published by

Threadpost reports that a new version of the Apache Web Server is available that fixes the recently disclosed range header denial-of-service vulnerability.



The Apache Software Foundation, which maintains the Web server, said that all users should upgrade to the new release as soon as possible in order to take advantage of the patch for CVE-2011-3192. The vulnerability in Apache lies in the way that the server handles multiple overlapping ranges in Range headers. An attack tool that can exploit the vulnerability is circulating online and researchers say they have seen attacks utilizing the tool.
  Apache Fixes Range Header DoS Flaw