Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 03 Sep 2011 19:23:47 -0400
From:      Glen Barber <gjb@FreeBSD.org>
To:        Alvaro Castillo <gobledb@gmail.com>
Cc:        www@freebsd.org
Subject:   Re: www/160247: Website vulnerability
Message-ID:  <4E62B703.5020801@FreeBSD.org>
In-Reply-To: <CADTnMhqsGKY9G=AcgfxMo=-rpz5Uu6RFv=m%2B_Kwu2Qzh%2BG8rOg@mail.gmail.com>
References:  <201108280102.p7S12ujx022732@red.freebsd.org> <4E5997E6.7040500@FreeBSD.org> <CADTnMhqsGKY9G=AcgfxMo=-rpz5Uu6RFv=m%2B_Kwu2Qzh%2BG8rOg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 9/3/11 4:29 PM, Alvaro Castillo wrote:
> On Sun, Aug 28, 2011 at 2:20 AM, Glen Barber <gjb@freebsd.org> wrote:
>> On 8/27/11 9:02 PM, Alvaro wrote:
>>>> Description:
>>> The problem is on mod_deflate.
>>>
>>
>> No it isn't.
>>
>> http://seclists.org/fulldisclosure/2011/Aug/236
>>
> 
> The problem has been fixed on Apache 2* but Apache 13 isn't maintained
> by Apache Foundation.
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
> 
> Sorry but mod_deflate was included... need to disable it and set Range
> Pequest and so on
> 
> http://translate.google.es/translate?hl=es&sl=es&tl=en&u=http%3A%2F%2Fwww.securityartwork.es%2F2011%2F08%2F25%2Fdenegacion-de-servicio-en-apache%2F
> 
> Not yet solved...
>  > perl killapache.pl www.freebsd.org
>  host seems vuln
>  ATTACKING www.freebsd.org [using 50 forks]
>  ^C
>

Sorry, but www.freebsd.org does not use Apache.

-- 
Glen Barber | gjb@FreeBSD.org
FreeBSD Documentation Project

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4E62B703.5020801>