Team, Apache web server need to be update. Major Linux distros already push the update. The exploit can be use to DDoS your apache web server without the need of many computers or zombies army.
For any setup not yet do the patching, please follow the mitigation process from the link below. http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110824161640.122d38...@minotaur.apache.org%3E ---- extract from mitigation section ---- Mitigation: ======= However there are several immediate options to mitigate this issue until a full fix is available: 1) Use SetEnvIf or mod_rewrite to detect a large number of ranges and then either ignore the Range: header or reject the request. Option 1: (Apache 2.0 and 2.2) # Drop the Range header when more than 5 ranges. # CVE-2011-3192 SetEnvIf Range (,.*?){5,} bad-range=1 RequestHeader unset Range env=bad-range # optional logging. CustomLog logs/range-CVE-2011-3192.log common env=bad-range Option 2: (Also for Apache 1.3) # Reject request when more than 5 ranges in the Range: header. # CVE-2011-3192 # RewriteEngine on RewriteCond %{HTTP:range} !(^bytes=[^,]+(,[^,]+){0,4}$|^$) RewriteRule .* - [F] The number 5 is arbitrary. Several 10's should not be an issue and may be required for sites which for example serve PDFs to very high end eReaders or use things such complex http based video streaming. --------- Detail of the bug ------ Title: Range header DoS vulnerability Apache HTTPD 1.3/2.x CVE: CVE-2011-3192: Date: 20110824 1600Z Product: Apache HTTPD Web Server Versions: Apache 1.3 all versions, Apache 2 all versions http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192 The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086. The exploit http://www.exploit-db.com/exploits/17696/ Jumpa kumpulan pakar untuk membincangkannya. Jemputan Hari Keselamatan ICT - OWASP Day Malaysia 2011 http://cikgucyber.blogspot.com/2011/09/jemputan-hari-keselamatan-ict-owasp-day.html -- To unsubscribe from and detail about this group http://portal.mosc.my/osdc-my-mailing-list-information OSDC.my Discussion Group In Facebook http://www.facebook.com/groups/osdcmalaysia/ Malaysia Open Source Conference 2012 MOSC2012 http://portal.mosc.my/
