Bis es einen Fix gibt, hilft übrigens eine Rewrite-Regel: Code: RewriteEngine On RewriteCond %{REQUEST_METHOD} ^(HEAD|GET) [NC] RewriteCond %{HTTP:Range} ([0-9]*-[0-9]*)(\s*,\s*[0-9]*-[0-9]*)+ RewriteRule .* - [F] (http://seclists.org/fulldisclosure/2011/Aug/241)
Zumindest in Debian scheint das jetzt gefixt zu sein. Code: Fetched 229 kB in 0s (865 kB/s) Reading package lists... Done Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done The following packages will be upgraded: apache2 apache2-mpm-prefork apache2-suexec-custom apache2-utils apache2.2-bin apache2.2-common 6 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 2,013 kB of archives. After this operation, 12.3 kB of additional disk space will be used. Do you want to continue [Y/n]?
im Apache 2.2.20 nun offiziell geschlossen http://www.golem.de/1108/86098.html http://www.heise.de/newsticker/meldung/Apache-Update-behebt-Byte-Range-Schwachstelle-1333772.html
