Forgot to add version is Apache/2.2.14 .
Link to the advisory is:
http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/browser
t.
On Wed, Aug 24, 2011 at 9:02 PM, Tom Sztur wrote:
> so one of the mitigations for this advisory was:
>
>
> 1) Use SetEnvIf or mod_rewri
so one of the mitigations for this advisory was:
1) Use SetEnvIf or mod_rewrite to detect a large number of ranges and then
either ignore the Range: header or reject the request.
Option 1: (Apache 2.0 and 2.2)
# Drop the Range header when more than 5 ranges.
# CVE-2011
