WordPress.org

Ready to get started?Download WordPress

Forums

Any WordPress issues with 20110824 Apache range header security vulnerability? (4 posts)

  1. DanYork
    Member
    Posted 2 years ago #

    On August 24th, the Apache team issued a security bulletin about a denial of service vulnerability related to malicious usage of range headers. The bulletin (updated on Aug 26) can be found at:

    http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3C20110826103531.998348F82@minotaur.apache.org%3E

    There is not yet a software update for Apache, but the bulletin outlines five options to mitigate the attack until a full software fix is available.

    Has anyone tried any of these mitigation options with a WordPress installation? Any sense of whether any of them would cause problems with WordPress?

    Thanks,
    Dan

  2. I'm not sure how much of that (if any) the average user can even change, let alone access, on standard shared hosts.

    In other words, it looks more like a hosting issue, or if you have that much control over your own box.

  3. DanYork
    Member
    Posted 2 years ago #

    Yes, that is probably the case for the vast majority of users (as it is for me with one site). But I'm being asked for one site by the people responsible for hosting if I know if any of these options will break WordPress.

    I'm going to try it out on a box under my own control - but was just curious to know if anyone else had yet had any experience with applying any of the options.

  4. MickeyRoush
    Member
    Posted 2 years ago #

    This vulnerability has been known since I believe around 2007 (or huh it was mentioned...) Some may have not taken much interest in it because a DDOS attack does not necessarily need a server vulnerability. A server vulnerability like this may only make the attack simpler. If an an attacker wants to seriously DDOS your site, they do not need this vulnerability.

Topic Closed

This topic has been closed to new replies.

About this Topic