The vulnerability was fixed in Apache 2.2.20. For those unable to upgrade, a configuration workaround using mod_setenvif and mod_headers could be implemented to drop the Range header when more than a set number of ranges were detected.
The definitive solution is to upgrade to the latest stable version of the Apache HTTPd 2.4.x branch. Version 2.4 introduces structural security improvements, better memory management, and resistance to the legacy exploits that plague the 2.2 branch. 2. Apply Virtual Patching via WAF apache httpd 2222 exploit
(a more recent, critical Apache exploit). A checklist of hardening steps for Apache 2.4 . The specific steps to migrate from Apache 2.2 to 2.4 . Just let me know what you'd like to look into! Apache HTTP Server 2.2 vulnerabilities The vulnerability was fixed in Apache 2
. Echo smiles; they know this version hasn't yet received the 2.2.22 update, leaving it wide open to a flaw in protocol.c CVE-2012-0053 : Echo knows that modern browsers use Version 2
The most critical step is to ensure you are running a patched version of Apache HTTP Server. All versions are vulnerable and should be immediately upgraded to version 2.4.51 or later . For other vulnerabilities, upgrading to version 2.4.60 is recommended.