06-13-2010, 11:01 AM
|
|
LiteSpeed Staff
|
|
Join Date: Jul 2003
Location: New Jersey, USA
Posts: 99
|
|
All platform builds have been updated.
If you are unable to upgrade at this moment, please add mod_security rules to block this exploit suggested by khunj on webhostingtalk
Quote:
Just add this to 'Request Filter' at the server level:
Name : NULLBYTE
Action: deny,log
Eabled: yes
Rules Definition: SecRule REQUEST_URI "\x00"
Restart LS.
|
4.1RC build will be updated later.
|