The Apache Web server is vulnerable to the so-called ‘Apache Killer’ tool, yet there are defenses.
The Apache HTTP web server is the most widely deployed Web server on the Internet today and it’s at risk from a serious denial of service (DoS) attack.
The ‘Apache Killer’ tool is now out in the wild enabling attackers to consume all of the memory on a Web server creating a DoS condition. Apache has issued multiple security advisories on the issue and are planning on releasing a patch this weekend.
“A denial of service vulnerability has been found in the way the multiple overlapping ranges are handled by the Apache HTTPD server,” Apache warned in its latest advisory. “The attack can be done remotely and with a modest number of requests can cause very significant memory and CPU usage on the server.”
Apache also warns that the default Apache HTTPD installation is vulnerable.
While Apache Web servers are vulnerable by default, that doesn’t mean that there aren’t defenses against the attack. One of those defenses is by using an intrusion prevention system (IPS) like Snort. Like Apache, Snort is open source and available for free.
“The Snort engine’s HTTP Inspect preprocessor has an option to detect oversized HTTP headers, one of the key pieces of the Apache Killer tool,” Alex Kirk, senior research analyst with the Sourcefire Vulnerability Research Team(VRT) told InternetNews.com.
Read the rest about Apache security at eSecurityPlanet.