Apache HTTP Server mod_deflate Remote Denial Of Service Vulnerability

[Jim Perrin]

On Sat, Mar 6, 2010 at 8:16 AM,  <ravishankar.gundlapali at wipro.com> wrote:
> Hi,
>     I am using Nagios 3.2.4 with Nagios-Plugins-1.4.14 and on Red Hat Fedora
> Linux ver 10.1.
> My security team has identified the following vulnerability and they have
> given a action item for me.
> Apache HTTP Server mod_deflate Remote Denial Of Service Vulnerability
> Please someone help me what action can be taken on this.

This is an apache issue and not really a nagios issue. You should
check with your vendor (aka Fedora) for an updated apache fix that
addresses the vulnerability your security team identified.

On a personal note I'd recommend not using fedora for a server if you
want to have any sense of long-term usage of the system. Fedora tends
to go through releases rather quickly, where distros more targeted to
the enterprise have several years of support for a release. For
example: RHEL, CentOS and Scientific Linux all support their releases
for 7 years.  Fedora supports a release for around 12-18 months.

-- 
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell

------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null