Apache HTTP Server 2.2.20 Released
Apache HTTP Server 2.2.20 Released
[Security] Posted Aug 31, 2011 12:53 UTC (Wed) by jake
Apache has released an update to its HTTP server that fixes the denial of service problem that was reported on August 24 (and updated on August 26). We should see updates from distributions soon, though it should be noted that Debian put out an update on August 29. "Fix handling of byte-range requests to use less memory, to avoid
denial of service. If the sum of all ranges in a request is larger than
the original file, ignore the ranges and send the complete file.
"