I have talked about ApacheKiller flaw in detail here with possible workaround to mitigate this flaw.
Last week, a DDoS mitigation service vendor Arbor Networks revealed a detailed report can be download from here which say,
Tag: apachekiller.pl
ApacheKiller.pl is Apache range request exploit which is discovered by @KingCope.
Few months back we posted Apache Range Byte flaw named ‘KillApache’ where we posted a perl script that can be use to freeze Apache web server in seconds(We have tested it) This time Miroslave Stampar(Co-Author of SQLMap tool) written this tool with few extended features in python scripting language named it ‘KillApachePy’
New enhancements :
- Automated input parameters
- Proxy support
- Chose custom page of your target
- Chose custom HTTP method e.g GET, HEAD
You can download it from github
Apache have released Patch for the recent range bytes request flaw which we published few days ago. This patch fix the Security flaw and
Change Log :
SECURITY: CVE-2011-3192 (cve.mitre.org) core: Fix handling of byte-range requests to use less memory, to avoid denial of service. If the sum of all ranges in a request is larger than the original file, ignore the ranges and send the complete file. PR 51714.
You can download latest stable release here
If you are running CEntOS, you can update it in this way;
Check update using Yum Utility
yum check-update httpd
Install it
yum update httpd
If don’t want to update it, you can see this post for mitigation techniques.
We were following a thread , it was related to apache flaw which was discovered by KingCope.
What is ‘Apache Killer’ Flaw?
It sends multiple GET requests with dozens of “Byte Ranges” that will eat up server’s memory. Byte Range helps browswer or downloading applications to download required parts of file. This helps reduce bandwidth usage. While this script sends dozen of unsorted components in request header to cause apache server to malfunction.
It is DoS condition on Apache web Server. I performed a test with a script written by @KingCope and can confirm that it will eat up Server resource in seconds.
Although the patch isn’t available from apache.org yet, we are still waiting for an update from Apache.
When some one execute this attack on your server, it will eat up your 1 GB RAM in 10 seconds, your CPU load will hit 10 average load and our server will finally freeze. Test it out before Apache release the fix 😀