new apache 2.2.18

Discussion dans 'Panneaux de Contrôle' démarrée par guillaume, Mai 12, 2011.

  1. guillaume

    guillaume Member

    une vulnerabilité etant trouver dans la version 2.2.17 .
    Apache nous propose de passer a la 2.2.18,cette nouvelle version corrige une attaque dos.

    moderate: apr_fnmatch flaw leads to mod_autoindex remote DoS CVE-2011-0419

    A flaw was found in the apr_fnmatch() function of the bundled APR library. Where mod_autoindex is enabled, and a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could be used in a denial of service attack.

    Workaround: Setting the 'IgnoreClient' option to the 'IndexOptions' directive disables processing of the client-supplied request query arguments, preventing this attack.

    pour ceux qui ont la branche 2.2.X IL EST CONSEILLER DE METTRE A JOUR.A+
     

Partager cette page