Apache Vulnerability Patch

From Wiki

Jump to: navigation, search

The Apache Foundation already released a patch for the recently reported DoS vulnerability with Apache 2.2.21 and if you want to protect your web server from the exploit, you should upgrade your web server to the latest Apache 2.2.21.

Servers running Apache 1.3, 2.0 and 2.2.20 or older though are still vulnerable to this exploit which is why we released an open source module that applies the security patch for those Apache versions. The module is called mod_rangelimit and it is available for servers running CentOS 5.3+ or RHEL 5.3+ The patch implements all the fixes in Apache 2.2.21 so if you're unable to upgrade immediately, it will come handy and will save you a lot of potential troubles with the nasty vulnerability. The module is available in 1H repository which can be installed by running:

rpm -Uvh http://sw.1h.com/centos/1h-repository.noarch.rpm

Once installed you can use yum to load mod_rangelimit for your server. Use the corresponding package version for your Apache web server:

yum install mod_rangelimit-ap13

yum install mod_rangelimit-ap20

yum install mod_rangelimit-ap22


1H software products are secure and protected from this or similar vulnerabilities. The patch mentioned above was released to help people running older versions of Apache easily protect their servers from this vulnerability.

Personal tools