https://issues.apache.org/bugzilla/show_bug.cgi?id=51714
Bug #: 51714
Summary: Byte Range Filter might consume huge amounts of memory
combined with compressed streams
Product: Apache httpd-2
Version: 2.2.17
Platform: All
OS/Version: All
Status: NEW
Severity: critical
Priority: P2
Component: All
AssignedTo: [email protected]
ReportedBy: [email protected]
Classification: Unclassified
Created attachment 27429
--> https://issues.apache.org/bugzilla/attachment.cgi?id=27429
DoS Exploit for mentioned vulnerability
At least Apache 2.2.17 has a remotely exploitable DoS vulnerability which
allows consuming all memory on a target system. A request for triggering the
memory consumption includes a large "Range" header which requests as many
different bytes as possible from a file served by httpd. Combining this with a
gzip "Accept-Encoding" header, the httpd is assumed to compress each of the
bytes requested in the Range header separately, consuming large memory regions.
The behaviour when compressing the streams is devastating and can end up in
rendering the underlying operating system unusable when the requests are sent
in parallel. Symptoms are swapping to disk and killing of processes including
but not solely httpd processes.

How to repeat:
Execute the attached Perl script for a vulnerable httpd, meaning Byte Range
filter and mod_deflate/mod_gzip enabled.

Sidenote:
Apache should be aware of that through posting to Full Disclosure. Nevertheless,
in my opinion this bug should be resolved.
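A defensive check for the header pattern the report describes, as an added example that is not part of the report or of Apache httpd: it resolves a Range header against the resource size and flags requests with many ranges, overlapping ranges, or more requested bytes than the file holds. The function names, the result labels and the thresholds `max_ranges` and `max_amplification` are assumptions chosen for illustration; "ignore-range" means serving the full response as if no Range header had been sent.

```python
import re

_SPEC = re.compile(r"([0-9]*)-([0-9]*)")

def parse_byte_ranges(header, size):
    """Resolve a Range header value against a `size`-byte resource.
    Returns inclusive (first, last) pairs, or None if the header is invalid."""
    unit, sep, specs = header.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    ranges = []
    for spec in specs.split(","):
        m = _SPEC.fullmatch(spec.strip())
        if not m or m.groups() == ("", ""):
            return None
        first, last = m.groups()
        if first == "":                       # suffix form "-N": the last N bytes
            start, end = max(size - int(last), 0), size - 1
        else:
            start = int(first)
            end = min(int(last), size - 1) if last else size - 1
            if last and int(last) < start:    # last < first invalidates the set
                return None
        if start <= end:                      # drop unsatisfiable ranges
            ranges.append((start, end))
    return ranges

def assess_range_header(header, size, max_ranges=5, max_amplification=1.0):
    """Decide whether to honour a Range header; thresholds are assumptions."""
    ranges = parse_byte_ranges(header, size)
    if ranges is None:
        return {"action": "ignore-range", "ranges": 0,
                "overlapping": False, "amplification": 0.0}
    covered_end, overlapping = -1, False
    for start, end in sorted(ranges):         # sorted sweep finds any overlap
        overlapping = overlapping or start <= covered_end
        covered_end = max(covered_end, end)
    # Bytes the response would carry, relative to the size of the file itself.
    amplification = sum(e - s + 1 for s, e in ranges) / max(size, 1)
    risky = (len(ranges) > max_ranges or overlapping
             or amplification > max_amplification)
    action = "serve-partial" if ranges else "unsatisfiable"
    return {"action": "ignore-range" if risky else action,
            "ranges": len(ranges), "overlapping": overlapping,
            "amplification": amplification}

if __name__ == "__main__":
    # Constructed sample headers, checked against a 1000-byte resource.
    for h in ("bytes=0-99", "bytes=0-99,200-299", "bytes=0-,0-,0-"):
        print(h, assess_range_header(h, 1000))
```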