IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

New SOAB! Apache... has a neat legacy support exploit...
leading to resource over-usage.

CVE-2011-3192

Perfect.

Fix it to update to apache.latest or to use mitigation in the following page in every vhost. Search for "Mitigation:"

http://wiki.apache.o...tpd/CVE-2011-3192

Done remotely and with a modest number of requests can cause very significant memory and CPU usage on the server.

But this is also a fundamental protocol design issue... bleah.

Box this affects you in your new position, horribly.

Drook, you to, it just means you are going over your usage.

Anyone else on a hosted machine, updates need to get done, since this is already in the wild and I've already experienced massive load from it on some of the sites we host... due to the nature of the hosted sites.
Expand Edited by folkert Nov. 23, 2011, 01:00:13 PM EST
New Time to look at nginx
Only problem is using nginx vs. apache is a server-level option. I can't do it for my test domain first and work out the kinks.
--

Drew
New Servers updated.
It took longer for this server to upgrade from Natty to Oneiric than it did for my Linode server to upgrade from Maverick through Natty to Oneiric.

All done now.
-Mike

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
- Benjamin Franklin, 1759 Historical Review of Pennsylvania
     SOAB! Apache... has a neat legacy support exploit... - (folkert) - (2)
         Time to look at nginx - (drook)
         Servers updated. - (mvitale)

Hm. It all seems to cancel out. I’m back to not caring.
78 ms