Am 29.12.2011 14:59, schrieb Johnny Hughes:
That flaw as absolutely no "access" component. It allows a DDOS attack, not provide remote access to a machine.
From the bug:
A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. (CVE-2011-3192)
How is that relevant to allowing access to someone's server.
and if you have a webserver and the webserver can be easily killed with a DOS the bug is CRITICAL, if you can kill any PUBLIC SERVICE remote a bug is CRITICAL
what exactly do you not understand while these are simple facts - your definition of critical is broken if you think anything where you can not get into the machine is not
and yes i tried the demo-exploits which killed a quad-core with 16 GB memory within some seconds