[LUAU] Apache DoS vulnerability
Julian Yap
julian_yap at yahoo.com
Wed Aug 24 13:08:03 PDT 2011
Here is an article:
http://www.theregister.co.uk/2011/08/24/devastating_apache_vuln/
Try running the proof of concept here:
https://issues.apache.org/bugzilla/show_bug.cgi?id=51714
I ran it on some CentOS 5 and 6 (running httpd-2.2.15-5.el6.centos.x86_64) servers which reported no issues. It may be the default way that RHEL/CentOS has the network set up or perhaps does not enable the modules required. I suspect some distributions may be vulnerable with their default set up.
- Julian
More information about the LUAU
mailing list