SymptomsParallels Virtuozzo Containers for Linux and Parallels Virtual Automation Management Node use Apache as a web server for providing Offline Management and PVA Control Center functionality.
These products are also affected by CVE-2011-3192 .
The issue is fixed in PVA 4.6-1777.
ResolutionIf your Parallels virtualization product allows an upgrade to 4.6-1777, then it is suggested that you upgrade to that version (for both PVA Agent and PVA Management Nodes).
For more information, refer to this article:
112297 Parallels Virtual Automation 4.6 builds, releases, and supported virtualization products
If your virtualization product is not supported by PVA 4.6-1777, it is possible to apply a workaround.
For PVA Agent (on Parallels Server Bare Metal or Parallels Virtuozzo Containers server), edit /etc/opt/pva/pp/plugins/httpd/httpd22.conf and /etc/opt/pva/pp/plugins/httpd/httpd22.conf.template files and add the highlighted line:
RequestHeader unset Range
For PVA Management Node edit /etc/opt/pva/cc/plugins/httpd/httpd22.conf and /etc/opt/pva/cc/plugins/httpd/httpd22.conf.template files and add the highlighted line:
Listen 4648TraceEnable offRequestHeader unset Range