Support ⇒ Security ⇒ DoS Attack On a Significant Flaw In Apache Released ⇒ Community Forums ⇒ CPG Dragonfly™ CMS

DoS Attack On a Significant Flaw In Apache Released


I'd judge this as pretty significant, since nearly all of us run on Apache, there is an exploit available (implemented in Perl), and the attacker resources required are very low.

Summary from Slashdot:

Zerimar points out that a significant flaw in Apache that can lead to a fairly trivial DoS attack is in the wild. Apache 1.x, 2.x, dhttpd, GoAhead WebServer, and Squid are confirmed vulnerable, while IIS6.0, IIS7.0, and lighttpd are confirmed not vulnerable. As of this writing, Apache Foundation does not have a patch available. From Rsnake's introduction to the attack tool:

"In considering the ramifications of a slow denial of service attack against particular services, rather than flooding networks, a concept emerged that would allow a single machine to take down another machine's web server with minimal bandwidth and side effects on unrelated services and ports. The ideal situation for many denial of service attacks is where all other services remain intact but the webserver itself is completely inaccessible. Slowloris was born from this concept, and is therefore relatively very stealthy compared to most flooding tools."


Currently, there is no patch available. There are a few techniques that might mitigate the problem partially, but they haven't been completely evaluated and likely won't be effective if the tool is used to wedge open POST connections.

It is pitch black. You are likely to be eaten by a grue.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Ubuntu 12.04, Atom D525/Apache 2.2.22/MySQL 5.5.38/PHP 5.3.10/Dragonfly 9.4.0.0 CVS
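A defender-side check for the pattern the post describes (one source holding many mostly idle connections to the web port instead of flooding the network), as an added example that is not from the original post or the Dragonfly project. It assumes an `ss -tn` style connection table; the sample table, the threshold and the addresses are constructed.

```python
from collections import Counter

# Constructed sample in the layout of `ss -tn` output (not a real capture):
# one source holds 25 idle connections to port 80 while normal clients hold
# one or two each. A slow-request tool looks like this because it keeps each
# connection open with an incomplete request rather than sending volume.
ATTACKER = "198.51.100.7"
SAMPLE_SS_OUTPUT = "\n".join(
    ["State  Recv-Q Send-Q Local Address:Port  Peer Address:Port"]
    + [f"ESTAB  0  0  192.0.2.10:80  {ATTACKER}:{51000 + i}" for i in range(25)]
    + [
        "ESTAB  0  0  192.0.2.10:80  203.0.113.5:40211",
        "ESTAB  0  0  192.0.2.10:443  203.0.113.9:40300",
        "ESTAB  0  0  192.0.2.10:443  203.0.113.9:40301",
        "ESTAB  0  0  192.0.2.10:22  203.0.113.9:40400",
        "TIME-WAIT  0  0  192.0.2.10:80  203.0.113.12:40500",
    ]
)


def parse_established(text):
    """Return (local_port, peer_ip) for each ESTAB row of an ss-style table."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "ESTAB":
            continue  # skip the header and non-established states
        local, peer = parts[3], parts[4]
        local_port = int(local.rsplit(":", 1)[1])
        peer_ip = peer.rsplit(":", 1)[0].strip("[]")  # also handles [v6]:port
        rows.append((local_port, peer_ip))
    return rows


def flag_slow_dos_sources(text, web_ports=(80, 443), threshold=20):
    """Map peer IP -> concurrent web connections for peers at or over threshold.

    The threshold is a constructed tuning value: derive it from the normal
    per-client concurrency on your own server (browsers open a handful).
    """
    counts = Counter(ip for port, ip in parse_established(text) if port in web_ports)
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in flag_slow_dos_sources(SAMPLE_SS_OUTPUT).items():
        print(f"{ip}: {n} concurrent web connections")  # 198.51.100.7: 25
```

On a live host, feed it the output of `ss -tn` and run it from cron or a watchdog; a source that stays above the threshold across several snapshots is the signal, since legitimate bursts clear quickly.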
