- Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day
- QID: 86847
- Category: Web server
- CVE ID: -
- Vendor Reference: -
- Bugtraq ID: -
- Service Modified: 04/27/2011
- User Modified: -
- Edited: No
- PCI Vuln: No
- THREAT:
- The Apache HTTP Server, commonly referred to as Apache, is a freely available Web server.
- Apache is vulnerable to a denial of service due to holding a connection open for partial HTTP requests.
- Apache Versions 1.x and 2.x are vulnerable.
- IMPACT:
- A remote attacker can cause a denial of service against the Web server which would prevent legitimate users from accessing the site.
- Denial of service tools and scripts such as Slowloris take advantage of this vulnerability.
- SOLUTION:
- Patch:
- There are no vendor-supplied patches available at this time.
- Workaround:
- - Reverse proxies, load balancers and iptables can help to prevent this attack from occurring.
- - Adjusting the TimeOut Directive can also prevent this attack from occurring.
- - A new module, mod_reqtimeout, has been introduced since Apache 2.2.15 to provide tools for mitigation against these forms of attack; however, the module is marked experimental.
- Also refer to the Cert Blog and the Slowloris and Mitigations for Apache document for further information.
- COMPLIANCE:
- Not Applicable
- EXPLOITABILITY:
- There is no exploitability information for this vulnerability.
- ASSOCIATED MALWARE:
- There is no malware information for this vulnerability.
- RESULTS:
- Detected on port 443 - Apache 1.3