0-Day Exploit “Apache-Killer”

Today I read about a 0-day exploit for the Apache webserver on golem.de.

A quick test of whether the webserver on my Debian VPS is also vulnerable was successful. :-(

But the proposed workaround works quite well for me.
Here are the steps that I took to protect my own Apache webserver from being exploited (default apache2 installation on Debian Squeeze):

#edit /etc/apache2/conf.d/security and add the following line (e.g. at the end of the file):
RequestHeader unset Range
#reload apache
/etc/init.d/apache2 reload

RequestHeader is provided by mod_headers. If the reload fails with “Invalid command 'RequestHeader'”, the module is not loaded: enable it with a2enmod headers and reload again. Be aware that unsetting Range this way discards every byte-range request, not only malicious ones, so clients can no longer resume interrupted downloads from this server.
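For comparison, here is a more selective variant of the same workaround. This is an added example, not the configuration from the post above; it is adapted from the mitigation the Apache HTTP Server project published for this issue (CVE-2011-3192). It assumes mod_headers and mod_setenvif are loaded and that the snippet goes into the same /etc/apache2/conf.d/security file used above. It keeps ordinary single-range requests working, strips the Range header only when a request carries an unusually large number of ranges, and also drops the legacy Request-Range header, through which the same attack can be delivered and which the blunt one-liner leaves untouched.

```apacheconf
# Added example (not from the original post): selective variant of the
# workaround, adapted from the mitigation the Apache HTTP Server project
# published for CVE-2011-3192. Needs mod_headers (a2enmod headers) and
# mod_setenvif. Location /etc/apache2/conf.d/security is assumed from the
# post; reload apache2 after editing.

# Blunt version used in the post: drops every Range header, so legitimate
# partial-content requests (download resumption, PDF byte serving) stop
# working as well. Left commented out here in favour of the rules below.
#RequestHeader unset Range

# Selective version: mark a request whose Range header contains five or
# more commas (i.e. more than five byte ranges), and drop the header only
# for those requests. Normal clients send one, or at most a few, ranges.
SetEnvIf Range (?:,.*?){5,5} bad-range=1
RequestHeader unset Range env=bad-range

# The same attack works through the legacy Request-Range header, which
# predates HTTP/1.1 and no current client needs; always drop it.
RequestHeader unset Request-Range
```

After reloading, a request with a single Range still receives a 206 Partial Content from resources that support ranges, while a request carrying many ranges is served as if it had no Range header at all. Keep that in mind when re-running a vulnerability checker: a tester that decides from a single-range request alone will still report a 206 with this variant, even though the many-range request the attack depends on is neutralized.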

Test results:
Before:

perl apachekiller.pl 62.75.151.120 50
host seems vuln
ATTACKING 62.75.151.120 [using 50 forks]

After:

perl apachekiller.pl 62.75.151.120 50
Host does not seem vulnerable

GREAT! :-) Simple trick, but it works fine.

This entry was written by Thorsten, posted on Thursday, August 25, 2011 at 10:08 am, filed under Uncategorized.
