Urchin is not vulnerable to latest Apache DoS bug CVE-2011-3192

There’s a new important bug in apache webserver, all versions are affectedtand allows remote attackers to cause a denial of service DoS (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges.

I’ve just tested it, and looks like latest Urchin Software releases aren’t affected 6.603 and 7.100 .

REQUEST
HEAD / HTTP/1.1
Host: localhost:9999
Range:bytes=0-
Accept-Encoding: gzip
Connection: close

HTTP/1.1 200 OK

You can read more about this bug here: CVE-2011-3192

David Vallejo

Google Analytics Consultant and implementer. I have some experience with Google Tag Manager
Follow me: @thyng

Author: David Vallejo

Google Analytics Consultant and implementer. I have some experience with Google Tag Manager Follow me: @thyng

Leave a Reply

Your email address will not be published. Required fields are marked *