On Thu, Sep 8, 2011 at 7:56 PM, <bryan.laip...@gdc4s.com> wrote: > Hello, > > The description for security vulnerability CVE-2011-3192 > (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192) notes that > it applies to Apache HTTP Server 2.0.x through 2.0.64. A fix has been > applied and available in the 2.2.x version, but currently there is not > one for 2.0.x. > > Is 2.0.x truly vulnerable and is there an estimated time when a fix will > be available?
2.0.x is as vulnerable as 2.2.x. This is being discussed to some extent on the developer mailing list (d...@httpd.apache.org). http://httpd.apache.org/lists.html#http-dev Check the archives for such a question earlier today. Check the overloaded thread "[PATCH] byterange patch for 2.2.20" for an initial, unreviewed patch for 2.0.64. > > Thank you, > > Bryan Laipple > Software Engineer > > GENERAL DYNAMICS C4 Systems > 8201 E. McDowell Road > Scottsdale, AZ 85257 > H8175-028 > Office: 480-441-4064 > bryan.laip...@gdc4s.com > > This message and/or attachments may include information subject to GDC4S > S.P. 1.8.6 and GD Corporate Policy 07-105 and are intended to be > accessed only by authorized recipients. Use, storage and transmission > are governed by General Dynamics and its policies. Contractual > restrictions apply to third parties. Recipients should refer to the > policies or contract to determine proper handling. Unauthorized review, > use, disclosure or distribution is prohibited. If you are not an > intended recipient, please contact the sender and destroy all copies of > the original message. > > > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > -- Born in Roswell... married an alien... --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
