Datamation Logo

Beware the ‘Apache Killer’ DoS Attack

Home Security
By Sean Michael Kerner
August 29, 2011
Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More .

The Apache Web server is vulnerable to the so-called ‘Apache Killer’ tool, yet there are defenses.

The Apache HTTP web server is the most widely deployed Web server on the Internet today and it’s at risk from a serious denial of service (DoS) attack.

The ‘Apache Killer’ tool is now out in the wild enabling attackers to consume all of the memory on a Web server creating a DoS condition. Apache has issued multiple security advisories on the issue and are planning on releasing a patch this weekend.

“A denial of service vulnerability has been found in the way the multiple overlapping ranges are handled by the Apache HTTPD server,” Apache warned in its latest advisory. “The attack can be done remotely and with a modest number of requests can cause very significant memory and CPU usage on the server.”

Apache also warns that the default Apache HTTPD installation is vulnerable.

While Apache Web servers are vulnerable by default, that doesn’t mean that there aren’t defenses against the attack. One of those defenses is by using an intrusion prevention system (IPS) like Snort. Like Apache, Snort is open source and available for free.

“The Snort engine’s HTTP Inspect preprocessor has an option to detect oversized HTTP headers, one of the key pieces of the Apache Killer tool,” Alex Kirk, senior research analyst with the Sourcefire Vulnerability Research Team(VRT) told InternetNews.com.

Read the rest about Apache security at eSecurityPlanet.

  SEE ALL
ARTICLES  
Previous Article
Beware the ‘Apache Killer’ DoS Attack
Next Article
Analysts Suggest Amazon Tab Could Steal Tablet Crown from Apple iPad

Subscribe to Data Insider

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

Similar articles

thumbnail AI in Cybersecurity: The Comprehensive Guide to Modern Security

AI in Cybersecurity: The Comprehensive Guide to Modern Security

AI
thumbnail What Is Cybersecurity? Definitions, Practices, Threats

What Is Cybersecurity? Definitions, Practices, Threats

Security
thumbnail How to Secure a Network: 9 Key Actions to Secure Your Data

How to Secure a Network: 9 Key Actions to Secure Your Data

Security
Datamation Logo

Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.

Advertisers

Advertise with TechnologyAdvice on Datamation and our other data and technology-focused platforms.

Advertise with Us

Our Brands

Technologyadvice
ServerWatch
TechRepublic
Enterprise Networking Planet
eWeek
Project Management
eSecurity Planet
IT Business Edge
Privacy Policy Terms & Conditions About Contact Advertise California - Do Not Sell My Information

Property of TechnologyAdvice.
© 2025 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.