Bug#705830: apache2: Apache Range Exploit Detector
Package: apache2.2-common
Version: 2.2.16-6+squeeze11
Severity: normal
Hello, I discover this site:
http://apache-range-exploit.com/
and apache 2.2.16 is vulnerable to this type of attack.
Thanks!
Pol
-- Package-specific info:
List of enabled modules from 'apache2 -M':
actions* alias auth_basic authn_file authz_default authz_groupfile
authz_host authz_user autoindex cgi deflate dir env mime
negotiation php5 reqtimeout rewrite setenvif ssl status
(A * means that the .conf file for that module is not enabled in
/etc/apache2/mods-enabled/)
List of enabled php5 extensions:
curl gd gmp imagick mcrypt mysql mysqli pdo pdo_mysql pdo_sqlite
pspell recode snmp sqlite sqlite3 suhosin
-- System Information:
Debian Release: 6.0.7
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages apache2 depends on:
ii apache2-mpm-prefork 2.2.16-6+squeeze11 Apache HTTP Server - traditional n
ii apache2.2-common 2.2.16-6+squeeze11 Apache HTTP Server common files
apache2 recommends no packages.
apache2 suggests no packages.
Versions of packages apache2.2-common depends on:
ii apache2-utils 2.2.16-6+squeeze11 utility programs for webservers
ii apache2.2-bin 2.2.16-6+squeeze11 Apache HTTP Server common binary f
ii libmagic1 5.04-5+squeeze2 File type determination library us
ii lsb-base 3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip
ii mime-support 3.48-1 MIME files 'mime.types' & 'mailcap
ii perl 5.10.1-17squeeze6 Larry Wall's Practical Extraction
ii procps 1:3.2.8-9squeeze1 /proc file system utilities
-- no debconf information
Reply to: