Hi, I am the other user who reported that even after fully patching 10.04 LTS, I see that my virtual Lucid is still vulnerable. I am not sure where exactly is the problem, system resources or apache bug or my configuration.
OS: Ubuntu 10.04.3 LTS Memory = 512 MB 1 CPU : model name : Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz nc www.server.name 80 HEAD / HTTP/1.1 Host: www.server.name Range:bytes=1-15,10-35,8-9,14-22,0-5,23- Accept-Encoding: gzip Connection: close HTTP/1.1 200 OK Date: Wed, 07 Sep 2011 15:05:30 GMT Server: Apache/2.2.14 (Ubuntu) Last-Modified: Mon, 02 Aug 2010 21:42:40 GMT ETag: "e51e-b1-48cde146fd1b1" Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 146 Connection: close Content-Type: text/html apache2ctl -t -D DUMP_MODULES Loaded Modules: core_module (static) log_config_module (static) logio_module (static) mpm_prefork_module (static) http_module (static) so_module (static) actions_module (shared) alias_module (shared) auth_basic_module (shared) authn_file_module (shared) authz_default_module (shared) authz_groupfile_module (shared) authz_host_module (shared) authz_user_module (shared) autoindex_module (shared) cgi_module (shared) deflate_module (shared) dir_module (shared) env_module (shared) headers_module (shared) mime_module (shared) security2_module (shared) negotiation_module (shared) php5_module (shared) reqtimeout_module (shared) setenvif_module (shared) status_module (shared) unique_id_module (shared) Syntax OK -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/839569 Title: Apache2 is still Range header DoS vulnerable if gzip compression is enabled To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/839569/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
