Workarounds Issued For 'Apache Killer' Attack

An unpatched security flaw in the popular Web server software could enable crippling DDoS attacks.

Dark Reading: The Apache Foundation has issued an alert about a security flaw in its extremely popular Web server software that could enable crippling DDoS attacks launched from a single PC. "By sending specially crafted HTTP requests which include malformed range HTTP header, an attacker can disrupt the normal function of the web server, thus disallowing legitimate users to receive responses from the web server," reads the advisory. "This issue affects all Apache software versions and a patch has not been released yet."

Apache expects to release a patch for the problem within the week. Until then, they offered several workarounds, including limiting the size of the HTTP request field to "a few hundred bytes."

Tags: security vulnerability

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.



IT Management Daily
Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that datamation.com may send you Datamation offers via email, phone and text message, as well as email offers about other products and services that Datamation believes may be of interest to you. Datamation will process your information in accordance with the Quinstreet Privacy Policy.