lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <BAE87C07-EA57-4198-A465-8AB57FE16CE6@gmail.com> Date: Mon, 29 Aug 2011 16:39:59 -0700 From: Andrew Farmer <andfarm@...il.com> To: Nikolay Kichukov <hijacker@...um.net> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x (CVE-2011-3192) On 2011-08-26, at 08:12, Nikolay Kichukov wrote: > Hi, > This one works like charm on my debian stable > > LimitRequestFieldSize 200 > > in the apache2.conf as global directive for all vhosts. Be cautious about applying this mitigation -- it *will* break applications which use large cookies. In particular, the cookies generated by Google Analytics are often over 200 bytes long alone. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists