Apache HTTPD 2.2.20 ã«ãŠã‘る変更点 (CVE-2011-3192 Range header DoS 対ç–) - LowPriorityæ—¢ã«ãƒ˜ãƒƒãƒ€å‰Šé™¤è¨å®šã§å¯¾å¿œã‚’終ãˆãŸäººã‚‚多ã„ã¨æ€ã„ã¾ã™ãŒã€æ–°ã—ã„ãƒãƒ¼ã‚¸ãƒ§ãƒ³ãŒå‡ºãŸæ§˜ãªã®ã§ã€‚ ã¾ã 未対ç–ã®äººã¯ã€ã©ã¡ã‚‰ã®å¯¾å¿œãŒãƒªã‚¹ã‚¯ãŒä½Žã„ã‹åˆ¤æ–ã—ã¦å¯¾ç–ã•ã‚Œã‚‹ã¨è‰¯ã„ã‹ã¨æ€ã„ã¾ã™ã€‚ æ–°ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®ã‚¢ãƒŠã‚¦ãƒ³ã‚¹ã¯ä»¥ä¸‹ã§ã™ã€‚ Apache HTTP Server 2.2.20 Released http://www.apache.org/dist/httpd/Announcement2.2.html ä»–ã«å¤‰ã‚ã£ã¦ã‚‹ç®‡æ‰€ã‚‚ã‚ã‚Šã¾ã™ãŒã€ä»Šå›žã®è„†å¼±æ€§(CVE-2011-3192)対応ã§ä¿®æ£ã•ã‚ŒãŸ 箇所ã§ã€å¤–部ã‹ã‚‰ã‚¢ã‚¯ã‚»ã‚¹ã—ãŸéš›ã«ã‚‚変更ãŒã¿ã‚‰ã‚Œã‚‹ç‚¹ãŒãƒ¡ã‚¤ãƒ³ã«ãªã‚Šã¾ã™ã€‚ 当然プãƒã‚»ã‚¹ãŒè‚¥å¤§åŒ–ã™ã‚‹éƒ¨åˆ†ã¯ç›´ã£ã¦ã¾ã™ãŒã€å†…部動作ãªã®ã§è©³ç´°ã¯çœç•¥ã—ã¾ã™ã€‚ ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã¯2.2.19ã¨2.2.20ã®æ¯”較ã«ãªã‚Šã¾ã™ã€‚ Rangeリクエスト関連ã®å‡¦ç†ã§å¤‰æ›´ãŒã‚ã£ãŸã€ç„¡ã‹ã£ãŸç®‡æ‰€ã¯ä»¥ä¸‹ã®é€šã‚Šã§ã™ã€‚ 動作ãŒå¤‰ã‚ã£ãŸç‚¹ 32区間を超ãˆ
Apache killerã¯å±é™ºï½žApache killerを評価ã™ã‚‹ä¸Šã§ã®æ³¨æ„~
ã¿ã¤ã‹ã¾ã›ã‚“ã‹? 外ã«å‡ºã¦éŠã³ã¾ã—ょã†! ï¼ ã³ã‚“ãŸã‚“
https://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%
Leading Managed Detection and Response | Trustwave
ã€æµ·å¤–ã‚»ã‚ュリティ】第35回:韓国ã§ã®å¤§è¦æ¨¡DDoS攻撃ã€æŠ€è¡“çš„å´é¢ã¨ãã®å¾Œã®å½±éŸ¿ã€€
{{#tags}}- {{label}}
{{/tags}}