(RHSA-2011:1329) Important: httpd and httpd22 security update

2011-09-21T04:00:00
ID RHSA-2011:1329
Type redhat
Reporter RedHat
Modified 2018-06-07T02:42:41

Description

The Apache HTTP Server is a popular web server.

A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause the Apache HTTP Server to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. (CVE-2011-3192)

All users of JBoss Enterprise Web Server 1.0.2 should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, Red Hat Enterprise Linux 4 users must restart the httpd22 service, and Red Hat Enterprise Linux 5 and 6 users must restart the httpd service, for the update to take effect.