After a wait of 6 days, the Apache Software Foundation finally released Apache 2.2.20, which fixes the HTTP Range exploit. The fix is that if the sum of all ranges in a request is larger than the original file, the server ignores the ranges and sends the complete file.
All system administrators can relax now. The most devastating bug in the history of the open source community has been eliminated.
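The check described above, sketched as an added example (this is not Apache's own code and not part of the original post): it resolves each byte range against the file size, sums the lengths, and falls back to a full 200 response when the sum exceeds the file. The function names and the sample headers are assumptions made for illustration, and the file size is assumed to be greater than zero.

```python
import re

_SPEC = re.compile(r"^\s*(\d*)\s*-\s*(\d*)\s*$")  # "first-last", "first-" or "-suffix"


def resolve_ranges(header, size):
    """Turn a Range header into inclusive (start, end) spans for a file of
    `size` bytes. Returns None when the header is absent or malformed."""
    if not header or not header.startswith("bytes="):
        return None
    spans = []
    for part in header[len("bytes="):].split(","):
        m = _SPEC.match(part)
        if not m or (m.group(1) == "" and m.group(2) == ""):
            return None                      # malformed spec: ignore the header
        first, last = m.group(1), m.group(2)
        if first == "":                      # suffix form: the last N bytes
            n = int(last)
            if n == 0:
                continue                     # "-0" selects nothing
            spans.append((max(size - n, 0), size - 1))
            continue
        start = int(first)
        if last and int(last) < start:
            return None                      # last before first: invalid header
        if start >= size:
            continue                         # starts past end of file: unsatisfiable
        end = min(int(last), size - 1) if last else size - 1
        spans.append((start, end))
    return spans


def plan_response(header, size):
    """Return (status, spans) following the rule described in the post."""
    whole_file = (200, [(0, size - 1)])
    spans = resolve_ranges(header, size)
    if spans is None:
        return whole_file                    # no usable Range header
    if not spans:
        return (416, [])                     # nothing satisfiable
    requested = sum(end - start + 1 for start, end in spans)
    if requested > size:
        return whole_file                    # sum of ranges exceeds file: ignore ranges
    return (206, spans)


if __name__ == "__main__":
    # Constructed sample headers against a 1000-byte file.
    for hdr in ("bytes=0-99", "bytes=0-499,500-999", "bytes=0-999,0-999"):
        print(hdr, "->", plan_response(hdr, 1000))
```

A request whose ranges add up to exactly the file size is still served as 206; only a sum strictly larger than the file triggers the fallback.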