Untitled

Posted by a guest, Jun 16th, 2011
Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day
QID: 86847
Category: Web server
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 04/27/2011
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
The Apache HTTP Server, commonly referred to as Apache, is a freely available Web server.
Apache is vulnerable to a denial of service because it holds a connection open for partial HTTP requests.
Apache Versions 1.x and 2.x are vulnerable.

IMPACT:
A remote attacker can cause a denial of service against the Web server, which would prevent legitimate users from accessing the site.
Denial of service tools and scripts such as Slowloris take advantage of this vulnerability.

SOLUTION:
Patch:
There are no vendor-supplied patches available at this time.
Workaround:
- Reverse proxies, load balancers and iptables can help to prevent this attack from occurring.

- Adjusting the TimeOut directive can also prevent this attack from occurring.

- A new module, mod_reqtimeout, has been introduced since Apache 2.2.15 to provide tools for mitigation against these forms of attack; however, the module is marked experimental.

Also refer to the Cert Blog and the Slowloris and Mitigations for Apache document for further information.

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Detected on port 443 - Apache 1.3