https://issues.apache.org/bugzilla/show_bug.cgi?id=51878

Eric Covener <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |FIXED

--- Comment #11 from Eric Covener <[email protected]> 2012-03-21 12:04:32 UTC ---
(In reply to comment #10)
> When "killapache.pl" script is executed against Opensource Apache 2.2.22
> Windows binary, it shows "host seems vuln" message. This behaviour was not
> observed in Apache 2.2.21 version. Whether this means CVE-2011-3192
> vulnerability is re-introduced in Opensource Apache 2.2.22 version while
> fixing the below byterange regression?
>
> *) Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20:
> A range of '0-' will now return 206 instead of 200. PR 51878.
> [Jim Jagielski]

No, it means killapache.pl has crude detection for vulnerable hosts. It flags
any system that responds to range headers.
