Re: [Full-disclosure] Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x (CVE-2011-3192)

On 26 Aug 2011, at 12:09, Carlos Alberto Lopez Perez wrote:
> RewriteEngine on
> RewriteCond %{HTTP:range} !(^bytes=[^,]+(,[^,]+){0,4}$|^$) [NC,OR]
> RewriteCond %{HTTP:request-range} !(^bytes=[^,]+(,[^,]+){0,4}$|^$) [NC]
> RewriteRule .* - [F]
>
> Because if you don't specify the [OR], Apache will combine the rules,
> making an AND (and you don't want this!).
>
> Also use NC (nocase) to prevent the attacker uppercasing "bytes="
> (don't know if it will work... but just to prevent).

Thank you - will double check & add in next/final advisory.

Dw.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
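Added illustration, not part of the original thread and not Apache or mod_rewrite code: the allow-list regex from the quoted RewriteConds re-implemented in Python, so the effect of the [OR] flag (versus the implicit AND you get without it) and of [NC] can be exercised against constructed Range / Request-Range header values. The header dictionaries, the 1300-range sample value and the function names are all made up for this example; the pattern itself is the one quoted above.

```python
import re

# Allow-list taken from the quoted mod_rewrite rules: "bytes=" followed by one
# range and at most four more comma-separated ranges (five in total), or an
# empty value, which is what %{HTTP:range} yields when the header is absent.
# re.IGNORECASE plays the role of the [NC] flag.
ALLOWED = re.compile(r"^bytes=[^,]+(,[^,]+){0,4}$|^$", re.IGNORECASE)


def header_ok(value):
    """Return True if one Range / Request-Range value passes the allow-list."""
    return ALLOWED.match(value) is not None


def _pair(headers):
    """Look up both headers case-insensitively; a missing header is ''."""
    lowered = {name.lower(): value for name, value in headers.items()}
    return lowered.get("range", ""), lowered.get("request-range", "")


def should_block(headers):
    """The quoted rules with [OR]: reject when EITHER header fails the check."""
    rng, req_rng = _pair(headers)
    return not header_ok(rng) or not header_ok(req_rng)


def should_block_and(headers):
    """The pitfall the post warns about: two RewriteConds without [OR] are
    ANDed, so a request is rejected only when BOTH headers fail."""
    rng, req_rng = _pair(headers)
    return not header_ok(rng) and not header_ok(req_rng)


# Constructed sample requests (header dicts), not captured traffic.
BENIGN = {"Range": "bytes=0-1023"}                  # ordinary partial GET
RESUME = {"Range": "bytes=500-999,1500-1999"}       # two ranges, still fine
MANY_RANGES = "bytes=0-," + ",".join("5-%d" % i for i in range(1300))
ATTACK = {"Range": MANY_RANGES}                     # 1300 ranges in one header
UPPER_FEW = {"Range": "BYTES=0-1"}                  # passes only because of [NC]
UPPER_ATTACK = {"Range": MANY_RANGES.upper()}       # case does not rescue the attacker
SPLIT = {"Range": MANY_RANGES, "Request-Range": "bytes=0-1"}  # bad Range, good Request-Range
REQ_RANGE_ONLY = {"Request-Range": MANY_RANGES}     # same payload via the legacy header


if __name__ == "__main__":
    samples = [("benign", BENIGN), ("resume", RESUME), ("attack", ATTACK),
               ("upper few", UPPER_FEW), ("upper attack", UPPER_ATTACK),
               ("split", SPLIT), ("request-range only", REQ_RANGE_ONLY)]
    for label, req in samples:
        print("%-20s with [OR]: block=%-5s  without [OR]: block=%s"
              % (label, should_block(req), should_block_and(req)))
```

Two things fall out when this is run. Without [OR] the conditions are ANDed, and since an absent Request-Range is the empty string, which the `^$` alternative accepts, a request that carries only a malicious Range is never rejected at all; the [OR] form rejects it, and also rejects the same payload sent in Request-Range alone or split across both headers. [NC] does not change what the attacker can do (an uppercase header with too many ranges still fails the count), it only stops the filter from returning 403 to a legitimate client that writes `BYTES=` in upper case.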