• On August 24th, the Apache team issued a security bulletin about a denial of service vulnerability related to malicious usage of range headers. The bulletin (updated on Aug 26) can be found at:

    https://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%[email protected]%3E

    There is not yet a software update for Apache, but the bulletin outlines five options to mitigate the attack until a full software fix is available.

    Has anyone tried any of these mitigation options with a WordPress installation? Any sense of whether any of them would cause problems with WordPress?

    Thanks,
    Dan

Viewing 3 replies - 1 through 3 (of 3 total)
  • I’m not sure how much of that (if any) the average user can even change, let alone access, on standard shared hosts.

    In other words, it looks more like a hosting issue, or if you have that much control over your own box.

    Thread Starter DanYork

    (@danyork)

    Yes, that is probably the case for the vast majority of users (as it is for me with one site). But I’m being asked for one site by the people responsible for hosting if I know if any of these options will break WordPress.

    I’m going to try it out on a box under my own control – but was just curious to know if anyone else had yet had any experience with applying any of the options.

    This vulnerability has been known since I believe around 2007 (or huh it was mentioned…) Some may have not taken much interest in it because a DDOS attack does not necessarily need a server vulnerability. A server vulnerability like this may only make the attack simpler. If an attacker wants to seriously DDOS your site, they do not need this vulnerability.

  • The topic ‘Any WordPress issues with 20110824 Apache range header security vulnerability?’ is closed to new replies.