Full Disclosure mailing list archives
Re: Apache Killer
From: Jari Fredriksson <jarif () iki fi>
Date: Wed, 24 Aug 2011 12:02:39 +0300
On 24.8.2011 11:03, Davide Guerri wrote:
While waiting for an official patch, how about the following workaround?

RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(HEAD|GET) [NC]
RewriteCond %{HTTP:Range} ([0-9]*-[0-9]*)(\s*,\s*[0-9]*-[0-9]*)+
RewriteRule .* - [F]

The workaround uses mod_rewrite to forbid GET|HEAD requests with multiple ranges in the Range HTTP header. The second regex could be improved but it works for the exploit released so far...

Cheers,
Davide.
Did not help here. Debian Squeeze with its Apache.
On 24/Aug/2011, at 08:01, -= Glowing Sex =- wrote:

This is handy to read for anyone who runs apache... it's worth a look... thx kcope ;> xd

On 24 August 2011 13:26, HI-TECH . <isowarez.isowarez.isowarez () googlemail com> wrote:

Hello list,
oops looks like this bug has nothing to do with mod_deflate/mod_gzip, read on here where the apache team is resolving the issue:
http://www.gossamer-threads.com/lists/apache/dev/401638

Cheers,
Kingcope

2011/8/20 Moritz Naumann <security () moritz-naumann com>:

On 20.08.2011 00:23 HI-TECH . wrote:
(see attachment)
/Kingcope

Works (too) well here. Are there any workarounds other than rate limiting or detecting + dropping the traffic IPS-wise?
Moritz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
-- Q: How many gradual (sorry, that's supposed to be "graduate") students does it take to screw in a light bulb? A: "I'm afraid we don't know, but make my stipend tax-free, give my advisor a $30,000 grant of the taxpayer's money, and I'm sure he can tell me how to do the gruntwork for him so he can take the credit for answering this incredibly vital question."
Attachment:
signature.asc
Description: OpenPGP digital signature
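Added illustration, not part of any message in this thread: a small Python check that mirrors Davide Guerri's RewriteCond (same regex, same GET/HEAD restriction) so an operator can see exactly which Range header values the posted rule would turn into a 403, alongside a range-counting alternative that only rejects headers with more than a configurable number of ranges. The regex is copied from the quoted workaround; the sample headers and the threshold of 5 are constructed for this example and are not figures from the thread.

```python
import re
from typing import Optional

# Regex copied from the RewriteCond in Davide Guerri's workaround above. Apache
# evaluates it as PCRE; Python's re syntax is identical for this pattern.
# It matches two or more comma-separated "start-end" pairs anywhere in the value.
MULTI_RANGE_RE = re.compile(r"([0-9]*-[0-9]*)(\s*,\s*[0-9]*-[0-9]*)+")


def workaround_forbids(method: str, range_header: Optional[str]) -> bool:
    """Mirror the posted mod_rewrite rule: True when the request would get a
    403 ([F]), i.e. a GET or HEAD ([NC] makes the method match case-insensitive)
    carrying a Range header with more than one byte range."""
    if method.upper() not in ("GET", "HEAD"):
        return False
    if not range_header:  # a RewriteCond on an absent header never matches
        return False
    return MULTI_RANGE_RE.search(range_header) is not None


def count_byte_ranges(range_header: Optional[str]) -> int:
    """Count byte-range-spec entries in a Range value
    ("bytes=first-last, first-, -suffix, ..." per RFC 2616 section 14.35.1).
    Returns 0 for an absent value or a range unit other than 'bytes'."""
    if not range_header:
        return 0
    value = range_header.strip()
    if not value.lower().startswith("bytes="):
        return 0
    specs = (s.strip() for s in value[len("bytes="):].split(","))
    return sum(1 for s in specs if s and "-" in s)


def threshold_forbids(range_header: Optional[str], max_ranges: int = 5) -> bool:
    """Alternative to a blanket multi-range ban: forbid only when the number of
    ranges exceeds max_ranges. The default of 5 is an assumed operator choice
    for this example, not a value taken from the thread."""
    return count_byte_ranges(range_header) > max_ranges


# Constructed sample requests (not captured traffic) to compare the two policies.
SAMPLES = [
    ("GET", None),                    # no Range header at all
    ("GET", "bytes=0-499"),           # single range: ordinary resume/seek
    ("GET", "bytes=0-499,-200"),      # two ranges: some PDF/media clients do this
    ("POST", "bytes=0-499,600-999"),  # not GET/HEAD, so the posted rule never fires
    ("HEAD", "bytes=" + ",".join(f"0-{i}" for i in range(1, 41))),  # 40 ranges
]


def evaluate_samples():
    """Return (method, header, rule_forbids, range_count, threshold_forbids)
    for every sample so the two policies can be read side by side."""
    return [
        (m, h, workaround_forbids(m, h), count_byte_ranges(h), threshold_forbids(h))
        for m, h in SAMPLES
    ]


if __name__ == "__main__":
    for m, h, rule, n, thresh in evaluate_samples():
        shown = (h or "<none>")[:40]
        print(f"{m:4} {shown:40} ranges={n:2} rewrite-rule={rule!s:5} threshold={thresh}")
```

Running it shows the trade-off behind Davide's "could be improved" remark: the posted regex also rejects the two-range request in the third sample, which legitimate download and PDF clients send, while the counting variant lets that through and still rejects the 40-range header. Whichever policy is chosen, the Apache advisory later published for this issue applied the same check to the legacy Request-Range header as well, so a production rule should cover both header names.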