On 06/28/2013 04:33 AM, David Sommerseth wrote:
> On 27/06/13 19:02, Gerald Waugh wrote:
>> Apache HTTP Server Overlapping Byte-Range Denial of Service
>>
>> Apache HTTP Server version 2.2.20 has been released to address this
>> issue, though many vendors (Redhat,
>> Debian, etc) have also backported fixes to address the problem.
>>
>> Does anyone know if this is fixed in 2.2.15 ?
> I haven't checked myself, but I presume this command line could give
> some qualified clues:
>
> $ rpm -q --changelog httpd

Thanks David,
Turns out that the vulnerability is covered in CVE-2011-3192

[root@www web]# rpm -q --changelog httpd | grep CVE-2011-3192
* Thu Sep 08 2011 Joe Orton <jor...@redhat.com> - 2.2.15-13
- add security fix for CVE-2011-3192 (#733063, #736592)

--
Gerald
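
An added example, not part of the original messages: a shell function that reads `rpm -q --changelog` output and prints each entry mentioning a given CVE together with its header line, so the package release that carries the backported fix is visible next to the fix note. The function names and the sample changelog are constructed for illustration; only the 2.2.15-13 entry is taken from the output quoted above.

```shell
#!/bin/sh
# changelog_fix_entries CVE-ID
# Reads `rpm -q --changelog <pkg>` output on stdin. For every changelog
# entry that mentions the CVE, prints the entry header (date, packager,
# version-release) once, followed by the matching line(s).
changelog_fix_entries() {
    awk -v cve="$1" '
        BEGIN {
            # Match the id as a whole token, so a shorter or longer
            # CVE number is not reported as a hit.
            pat = "(^|[^A-Za-z0-9])" cve "([^0-9]|$)"
        }
        /^\* / { header = $0; printed = 0; next }   # start of a new entry
        $0 ~ pat {
            if (!printed) { print header; printed = 1 }
            print
        }
    '
}

# changelog_has_fix CVE-ID
# Exit status 0 if any changelog entry on stdin mentions the CVE.
changelog_has_fix() {
    [ -n "$(changelog_fix_entries "$1")" ]
}

# Constructed sample changelog. The first entry is invented; the second
# is the entry shown in the message above (address elided as posted).
sample_changelog() {
    cat <<'EOF'
* Mon Jan 02 2012 Example Packager <packager@example.com> - 2.2.15-0.example
- constructed entry: unrelated bug fix

* Thu Sep 08 2011 Joe Orton <jor...@redhat.com> - 2.2.15-13
- add security fix for CVE-2011-3192 (#733063, #736592)
EOF
}

# On an RPM-based host:
#   rpm -q --changelog httpd | changelog_fix_entries CVE-2011-3192
```

The release in the matching header can then be compared with the output of `rpm -q httpd` to confirm that the installed build is at or after the one that added the fix.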