Apache <= 2.2.11 easily DDoSable

Discussion in 'Apache' started by digitalpoint, Oct 28, 2009.

  1. #1
    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1891
    For anyone running web servers, you really want to apply this patch... Pretty much every version of Apache can wreck itself by consuming all its CPU time trying to compress something that isn't even there. It can be triggered simply by someone sending a malformed HTTP request to your web server, resulting in CPU loads > 1000.
     
    digitalpoint, Oct 28, 2009
  2. ChrisMiller

    #2
    Thanks for letting us know about this. I know a client of mine has a server running either that version or a similar version that has been complaining about high CPU usage; maybe I'll try this out to see if it helps him.
     
    ChrisMiller, Oct 29, 2009
  3. Luke Carrier

    #3
    I am so glad cPanel fixed EasyApache up for newer versions of Apache so quickly...it's one monster of a bug.
     
    Luke Carrier, Oct 29, 2009
  4. Bohra

    #4
    Thanks for letting me know. Normally I do install software like DDoS Deflate on the server, which helps prevent DDoS.
     
    Bohra, Oct 29, 2009
  5. n3r0x

    #5
    Thanks for the heads up. Changed to Cherokee instead. :)
     
    n3r0x, Nov 1, 2009