- Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day
- Web server
- CVE ID:
- Vendor Reference
- Bugtraq ID:
- Service Modified:
- User Modified:
- PCI Vuln:
- The Apache HTTP Server, commonly referred to as Apache, is a freely available Web server.
- Apache is vulnerable to a denial of service due to holding a connection open for partial HTTP requests.
- Apache Versions 1.x and 2.x are vulnerable.
- A remote attacker can cause a denial of service against the Web server which would prevent legitimate users from accessing the site.
- Denial of service tools and scripts such as Slowloris take advantage of this vulnerability.
- There are no vendor-supplied patches available at this time.
- - Reverse proxies, load balancers and iptables can help to prevent this attack from occurring.
- - Adjusting the TimeOut Directive can also prevent this attack from occurring.
- - A new module, mod_reqtimeout, has been introduced since Apache 2.2.15 to provide tools for mitigation against these forms of attack; however, the module is marked experimental.
- Also refer to the Cert Blog and the Slowloris and Mitigations for Apache document for further information.
- Not Applicable
- There is no exploitability information for this vulnerability.
- ASSOCIATED MALWARE:
- There is no malware information for this vulnerability.
- Detected on port 443 - Apache 1.3
a guest Jun 16th, 2011 2,798 Never