Apache httpd remote denial of service
Submitted by Justine Edic
Assigned to The GIMP web bugs mail alias
Link to original bug (#735268)
Description
A denial of service vulnerability has been found in the way the multiple overlapping ranges are handled by the Apache HTTPD server:
http://seclists.org/fulldisclosure/2011/Aug/175
An attack tool is circulating in the wild. Active use of this tool has been observed. The attack can be done remotely and with a modest number of requests can cause very significant memory and CPU usage on the server.
Attack details
Current version is: 2.2.15
IMPACT - Remote Denial of Service
FIX - Upgrade to the latest version of Apache HTTP Server (2.2.20 or later), available from the Apache HTTP Server Project Web site.
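A defensive check for the overlapping-range condition described in the report, as an added example that is not part of the original bug report or of Apache's code: it parses a `Range` header value and reports how many ranges it carries, how many overlap, and how many bytes they request in total. The function names, the `MAX_RANGES` threshold and the flagging policy are assumptions for illustration.

```python
import re

# Assumed policy for illustration: more than MAX_RANGES ranges, or any overlap, is flagged.
MAX_RANGES = 5
_SPEC = re.compile(r"^(\d*)-(\d*)$")

def parse_ranges(value, resource_len):
    """Return satisfiable (start, end) inclusive spans, or None if the header is malformed."""
    unit, sep, specs = value.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    spans = []
    for raw in specs.split(","):
        m = _SPEC.match(raw.strip())
        if not m or not (m.group(1) or m.group(2)):
            return None
        first, last = m.groups()
        if first == "":  # suffix form "-N": the last N bytes
            start, end = max(resource_len - int(last), 0), resource_len - 1
        else:
            start = int(first)
            end = min(int(last), resource_len - 1) if last else resource_len - 1
            if last and int(last) < start:
                return None  # last-byte-pos before first-byte-pos is invalid
        if start < resource_len and start <= end:
            spans.append((start, end))
    return spans

def assess_range_header(value, resource_len):
    """Summarise a Range header: range count, overlap count, total bytes requested."""
    spans = parse_ranges(value, resource_len)
    if spans is None:
        return {"valid": False, "ranges": 0, "overlaps": 0, "bytes": 0, "suspicious": False}
    overlaps, reach = 0, -1
    for start, end in sorted(spans):
        if start <= reach:  # begins inside bytes already covered by an earlier range
            overlaps += 1
        reach = max(reach, end)
    total = sum(end - start + 1 for start, end in spans)
    return {"valid": True, "ranges": len(spans), "overlaps": overlaps, "bytes": total,
            "suspicious": len(spans) > MAX_RANGES or overlaps > 0}

if __name__ == "__main__":
    # Constructed sample headers for a 1000-byte resource.
    for header in ("bytes=0-499", "bytes=0-99,50-149,120-299"):
        print(header, assess_range_header(header, 1000))
```

The same summary can be computed over logged request headers to find clients sending unusually many or overlapping ranges while the upgrade is being rolled out.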