An updated Apache DOS advisory
An updated Apache DOS advisory
[Security] Posted Aug 26, 2011 15:31 UTC (Fri) by corbet
The Apache project has updated its advisory on the recently-disclosed
denial-of-service vulnerability. The news is not good: the scope of the
vulnerability has grown, the workarounds have become more complex, and
there is still no fix available. "There are two aspects to this vulnerability. One is new, is Apache specific;
and resolved with this server side fix. The other issue is fundamentally a
protocol design issue dating back to 2007.
"