0-Day Exploit „Apache-Killer“

Today I read about a 0-day exploit for the Apache web server on golem.de.

A quick test of whether the web server on my Debian VPS is also vulnerable was successful. 🙁

But the proposed workaround works quite well for me.
Here are the steps I took to prevent my own Apache web server from being exploited (default apache2 installation on Debian squeeze):


# Edit /etc/apache2/conf.d/security and add the following line (e.g. at the end of the file):
RequestHeader unset Range
# Reload Apache
/etc/init.d/apache2 reload

Test results:
Before:

perl apachekiller.pl 62.75.151.120 50
host seems vuln
ATTACKING 62.75.151.120 [using 50 forks]

After:

perl apachekiller.pl 62.75.151.120 50
Host does not seem vulnerable

GREAT! 🙂 Simple trick, but it works fine.
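
A way to confirm that the workaround is really in effect, added here as an example and not part of the original post: it checks that the directive is present and uncommented, that mod_headers (the module that provides RequestHeader) is enabled, and that a request with one harmless single-byte range gets a full 200 answer instead of 206 Partial Content. The function names are made up for this example, the paths assume the Debian layout used above, and the URL given to the script should point at a static file.

```shell
#!/bin/sh
# Added example: verify the "RequestHeader unset Range" workaround.
# Function names are hypothetical; paths assume Debian's apache2 layout.

# Return 0 if the file contains an uncommented "RequestHeader unset Range".
directive_present() {
    grep -Eiq '^[[:space:]]*RequestHeader[[:space:]]+unset[[:space:]]+Range([[:space:]]|$)' "$1"
}

# Return 0 if mod_headers is enabled (Debian: entry in mods-enabled).
headers_module_enabled() {
    [ -e "${1:-/etc/apache2}/mods-enabled/headers.load" ]
}

# Read raw response headers on stdin and report how the server treated
# the Range header: 206 means it was honoured, 200 means it was ignored.
classify_range_response() {
    awk 'NR == 1 { sub(/\r$/, ""); code = $2 }
         END {
             if (code == "206") print "honoured"
             else if (code == "200") print "ignored"
             else print "unknown"
         }'
}

# Send one request with a single one-byte range and classify the answer.
probe_url() {
    curl -s -o /dev/null -D - -H 'Range: bytes=0-0' "$1" | classify_range_response
}

# Usage: sh check_range.sh http://your-own-server/some-static-file
if [ $# -ge 1 ]; then
    directive_present /etc/apache2/conf.d/security ||
        echo "directive not found in /etc/apache2/conf.d/security"
    headers_module_enabled ||
        echo "mod_headers not enabled (run: a2enmod headers)"
    echo "Range header on $1: $(probe_url "$1")"
fi
```

Expect "ignored" once the workaround is loaded. Keep in mind that unsetting Range for every request also disables resumable and partial downloads for normal clients.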
