Solutions Now Available for Apache Killer
If you are a frequent reader of this blog, you are more or less already familiar with denial-of-service (DoS) attacks. Such an attack typically targets specific systems or servers and “floods” them with information in order to prevent legitimate users from accessing information or services.
This time around, we observed a DoS attack exploiting a specific vulnerability. This is different from the usual known DoS attack methods, which typically flood the target site with traffic (SYN flooding, UDP flooding, ICMP flooding). What makes this attack noteworthy, however, is that it does not require a huge amount of traffic. All the attacker has to do is send a specially crafted HTTP request, which will render the site inaccessible.
We recently did a deeper analysis of the said vulnerability (CVE-2011-3192) found in certain versions of Apache HTTP Server that allows a remote attacker to conduct a DoS attack by sending a small HTTP request.
The vulnerability exists in the byterange filter in Apache HTTP Server 1.3.x, 2.0.x through 2.0.64 and 2.2.x through 2.2.19. It can be exploited by a Range header that expresses multiple overlapping ranges. The proof of concept for the exploit that abuses this vulnerability was published in August. A tool that conducts DoS attacks by exploiting this vulnerability was later created and dubbed the “Apache Killer.” Apache already patched this security hole last week.
A typical attack scenario exploiting this vulnerability involves sending the Apache server an HTTP request whose Range: bytes header lists multiple ranges.
Once the server receives the said request, it creates one bucket for each range item in the crafted Range: bytes HTTP header and inserts each bucket into the bucket brigade. This will cause heightened memory consumption and, eventually, a DoS.
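Because the cost comes from the number of ranges and how much they overlap, a proxy or log-review job can score each Range header before it reaches the byterange filter. The following is an added detection example, not code from Apache or Trend Micro; the function names, the `MAX_RANGES` threshold and the sample headers are assumptions made for illustration.

```python
import re

MAX_RANGES = 5  # assumed policy threshold, not a value from the article
_SPEC = re.compile(r"^\s*(\d*)\s*-\s*(\d*)\s*$")

def parse_ranges(value, entity_len):
    """Resolve a 'bytes=...' Range value to absolute (start, end) pairs.
    Returns None if the value is not a valid byte-range set."""
    unit, sep, specs = value.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    resolved = []
    for spec in specs.split(","):
        m = _SPEC.match(spec)
        if not m or m.groups() == ("", ""):
            return None
        first, last = m.groups()
        if first == "":                     # suffix form "-N": the last N bytes
            start, end = max(entity_len - int(last), 0), entity_len - 1
        else:
            start = int(first)
            end = min(int(last), entity_len - 1) if last else entity_len - 1
        if start <= end:                    # unsatisfiable specs are ignored
            resolved.append((start, end))
    return resolved

def assess_range_header(value, entity_len, max_ranges=MAX_RANGES):
    """Return (verdict, range_count, overlap_count) for one Range header."""
    ranges = parse_ranges(value, entity_len)
    if ranges is None:
        return ("malformed", 0, 0)
    overlaps, furthest_end = 0, -1
    for start, end in sorted(ranges):       # sweep left to right
        if start <= furthest_end:           # begins inside bytes already covered
            overlaps += 1
        furthest_end = max(furthest_end, end)
    if len(ranges) > max_ranges:
        verdict = "reject"
    elif overlaps:
        verdict = "review"
    else:
        verdict = "ok"
    return (verdict, len(ranges), overlaps)

# Constructed sample headers (not captured traffic), checked against a 1000-byte entity.
SAMPLES = ["bytes=0-499", "bytes=0-100,50-150", "bytes=0-10,5-20,8-30,0-40,2-50,1-60,3-70"]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", assess_range_header(header, 1000))
```

The overlap count is the useful signal here: ordinary resumable downloads and media seeks ask for one or a few disjoint ranges, so a header that is both long and heavily overlapping stands out.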
Web administrators who use Apache HTTP Server are advised to apply the patch as soon as possible. While patch management for vulnerability remediation can be a painful exercise for IT departments, Trend Micro Deep Security shields systems from threats that may leverage vulnerabilities in systems until patches become available and are deployed. Trend Micro provides protection against threats leveraging this vulnerability through Deep Security, specifically rule VSU11-026 (1004782 – Apache httpd Range Header Remote Denial Of Service).
Post from: TrendLabs | Malware Blog – by Trend Micro