[ISN] Apache warns Web server admins of DoS attack tool

From: InfoSec News <alerts_at_private>
Date: Thu, 25 Aug 2011 06:13:04 -0500 (CDT)
http://www.computerworld.com/s/article/9219471/Apache_warns_Web_server_admins_of_DoS_attack_tool

By Gregg Keizer
Computerworld
August 24, 2011

Developers of the Apache open-source project today warned users of the 
popular Web server software that a denial-of-service (DoS) tool is 
circulating that exploits a bug in the program.

The tool, called "Apache Killer," showed up last Friday in a post to the 
"Full Disclosure" security mailing list.

Today, the Apache project acknowledged the vulnerability that the attack 
tool exploits, and said it would release a fix for Apache 2.0 and 2.2 in 
the next 48 hours.

"A denial of service vulnerability has been found in the way the 
multiple overlapping ranges are handled by Apache," the group said in a 
security advisory. According to Apache, all versions in the 1.3 and 2.0 
lines are vulnerable to attack.

The group no longer supports the older Apache 1.3.

[...]


_____________________________________________________________
Register now for the #HITB2011KUL - Asia's premier
deep-knowledge network security event now in it's 9th year!
http://conference.hitb.org/hitbsecconf2011kul/
Received on Thu Aug 25 2011 - 04:13:04 PDT

This archive was generated by hypermail 2.2.0 : Thu Aug 25 2011 - 04:09:04 PDT