Nasty Apache denial of service vulnerability
Nasty Apache denial of service vulnerability
[Security] Posted Aug 24, 2011 19:32 UTC (Wed) by corbet
The Apache project has sent out an advisory warning of an easily-exploited
denial of service vulnerability in all versions of the Apache server.
"An attack tool is circulating in the wild. Active use of this tool
has been observed.
The attack can be done remotely and with a modest number of requests can
cause very significant memory and CPU usage on the server.
The default Apache HTTPD installation is vulnerable.
There is currently no patch/new version of Apache HTTPD which fixes this
vulnerability. This advisory will be updated when a long term fix
is available.
" A fix is expected "within 48 hours"; a number of
workarounds are provided in the advisory for those who cannot wait.