Document Properties
Kbid: 22X761
Last Modified: 12-Sep-2011
Added to KB: 12-Sep-2011
Public Access: Everyone
Status: Online
Doc Type: TechTalk Newsletter
Unscheduled TechTalk: Custom Fix regarding Apache Webservers

The Custom Fix was built to provide Intershop customers with the Apache HTTP Server 2.2.20 update.

Intershop TechTalk
An unscheduled Technical Newsletter for Supported Intershop Customers

Security Advice

The Apache Webserver Security Flaw is fixed

Version 2.2.20 of the Apache HTTP Server is now available in a Custom Fix

On August 20, a flaw was found in the way the Apache HTTP Server handled Range HTTP headers.
A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. This could be used in a denial of service attack.
A first update and workaround for Intershop Customers was published on August 26.

Today, Intershop Customer Support provides a patch to fix the flaw on your Enfinity 6.4 system. Follow the link to download it:

Operating System: Patch
Solaris sparc: Custom Fix 6.4.0.0.KNPRVZ6D
Solaris x86: Custom Fix 6.4.0.0.LMNX1340
win32: Custom Fix 6.4.0.0.FGPT39BC
Linux: Custom Fix 6.4.0.0.MNTU1360

Attention! Please note that the Apache Foundation has not released a fixed version for Apache 2.0.x (used with Enfinity versions below 6.4). For these versions, please use the workaround described in the last update.
Best regards, your Intershop Customer Support Team

German Version (translated):

The Apache web server security vulnerability has been closed

Version 2.2.20 of the Apache HTTP Server is now available as a Custom Fix

On August 20, a flaw in the way the Apache HTTP Server processes Range HTTP headers became known.
An attacker could exploit this flaw via HTTP requests with a specially crafted Range header. A high number of requests in a short time causes the web server (httpd) to use a considerable amount of memory and to generate a high CPU load. This could be part of a DoS attack.
A first update and a workaround were published on August 26.

Today, Intershop Customer Support offers you a Custom Fix for Enfinity 6.4 for download that resolves this problem:

Operating System: Patch
Solaris sparc: Custom Fix 6.4.0.0.KNPRVZ6D
Solaris x86: Custom Fix 6.4.0.0.LMNX1340
win32: Custom Fix 6.4.0.0.FGPT39BC
Linux: Custom Fix 6.4.0.0.MNTU1360

Attention! Please note that Apache has not released a working version for Apache 2.0.x (which is used with Enfinity versions older than 6.4). In these cases, please use the workaround as described in the last update.
Best regards, your Intershop Customer Support Team
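
The version guidance in this newsletter (2.2.20 carries the fix, 2.0.x has no fixed release and needs the workaround) written as a shell check. This is an added example, not Intershop code; the status words and the mapping from `uname` output to the table's platform names are assumptions, and the banners are constructed samples.

```shell
#!/bin/sh
# Added example: status words and the uname mapping are assumptions.

# classify_httpd BANNER -> fixed | update | workaround | not-covered | unknown
# BANNER is a bare version ("2.2.19") or `httpd -v` style output.
classify_httpd() {
    ver=$(printf '%s\n' "$1" | sed -n 's,.*Apache/\([0-9][0-9.]*\).*,\1,p' | head -n 1)
    [ -n "$ver" ] || ver=$1
    case $ver in
        *[!0-9.]*|*..*|.*|*.|'') echo unknown; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver                      # split into major minor patch
    IFS=$old_ifs
    [ $# -eq 3 ] || { echo unknown; return 0; }
    if [ "$1" -eq 2 ] && [ "$2" -eq 0 ]; then
        echo workaround              # 2.0.x: no fixed release, keep the workaround
    elif [ "$1" -eq 2 ] && [ "$2" -eq 2 ] && [ "$3" -lt 20 ]; then
        echo update                  # 2.2.x before 2.2.20: install the Custom Fix
    elif [ "$1" -eq 2 ] && [ "$2" -eq 2 ]; then
        echo fixed                   # 2.2.20 or a later 2.2.x
    else
        echo not-covered             # release line the newsletter does not mention
    fi
}

# custom_fix_for OS ARCH -> Custom Fix id from the table above, or "none".
# OS is `uname -s` style, ARCH is `uname -p` style (only used for Solaris).
custom_fix_for() {
    case "$1:$2" in
        SunOS:sparc*)  echo 6.4.0.0.KNPRVZ6D ;;
        SunOS:i386*)   echo 6.4.0.0.LMNX1340 ;;
        Linux:*)       echo 6.4.0.0.MNTU1360 ;;
        win32:*)       echo 6.4.0.0.FGPT39BC ;;
        *)             echo none ;;
    esac
}

# Constructed sample banners, not captured from a real system.
for banner in "Server version: Apache/2.2.19 (Unix)" "Apache/2.2.20" "Apache/2.0.64"; do
    printf '%s -> %s\n' "$banner" "$(classify_httpd "$banner")"
done
```

On a live host, pass the output of `httpd -v` to `classify_httpd` and the output of `uname -s` and `uname -p` to `custom_fix_for`.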

Intershop TechTalk is distributed quarterly to all Intershop customers with Support Agreements. Intershop Customer Support continually strives to improve its services, including this newsletter. As always, your feedback is important. Please send your suggestions to techtalk@intershop.de.
Disclaimer
The information provided in the Knowledge Base may not be applicable to all systems and situations. Intershop Communications will not be liable to any party for any direct or indirect damages resulting from the use of the Customer Support section of the Intershop Corporate Web site, including, without limitation, any lost profits, business interruption, loss of programs or other data on your information handling system.