Full Disclosure mailing list archives
Re: Apache Killer
From: "-= Glowing Sex =-" <doomxd () gmail com>
Date: Wed, 24 Aug 2011 18:24:20 +1000
Ciao Davide, very nice, thanks for the submittal and thoughts regarding this issue, all of it is handy.. Only problem with these patches: unless you look at the advisory and/or patch and see exactly what needs to be filtered, only then can you maybe have a really tough regex, which btw would be VERY cool and handy.! Good line of thinking anyhow. Props.
xd

On 24 August 2011 18:03, Davide Guerri <davide.guerri () gmail com> wrote:
While waiting for an official patch, how about the following workaround?

RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(HEAD|GET) [NC]
RewriteCond %{HTTP:Range} ([0-9]*-[0-9]*)(\s*,\s*[0-9]*-[0-9]*)+
RewriteRule .* - [F]

The workaround uses mod_rewrite to forbid GET|HEAD requests with multiple ranges in the Range HTTP header. The second regex could be improved, but it works for the exploit released so far...

Cheers,
Davide.

On 24/Aug/2011, at 08:01, -= Glowing Sex =- wrote:

This is handy to read for anyone who runs apache... it's worth a look... thx kcope ;>
xd

On 24 August 2011 13:26, HI-TECH . <isowarez.isowarez.isowarez () googlemail com> wrote:

Hello list, oops looks like this bug has nothing to do with mod_deflate/mod_gzip, read on here where the apache team is resolving the issue: http://www.gossamer-threads.com/lists/apache/dev/401638

Cheers,
Kingcope

2011/8/20 Moritz Naumann <security () moritz-naumann com>:

On 20.08.2011 00:23 HI-TECH . wrote:
(see attachment)
/Kingcope

Works (too) well here. Are there any workarounds other than rate limiting or detecting + dropping the traffic IPS-wise?

Moritz

_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
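The mod_rewrite workaround Davide posted can be checked offline by mirroring its two RewriteCond patterns in Python (mod_rewrite uses PCRE; for these patterns Python's re behaves the same). This is an added example by the editor, not code from the thread or from the Apache project. The range_count / blocked_by_count functions and their max_ranges=5 threshold are the editor's own variant of the "could be improved" regex, and every sample header value, including the many-range header built in the style of the public proof of concept, is constructed here.

```python
import re

# The two RewriteCond patterns exactly as posted in the thread.
# RewriteCond does an unanchored regex match, so re.search is the right mirror.
METHOD_RE = re.compile(r"^(HEAD|GET)", re.IGNORECASE)            # [NC] flag
RANGE_RE = re.compile(r"([0-9]*-[0-9]*)(\s*,\s*[0-9]*-[0-9]*)+")


def blocked_by_workaround(method, range_header):
    """True if the posted rules would answer 403 (the [F] flag).

    range_header is the raw Range header value, or None if absent.
    Both RewriteConds must match for the RewriteRule to fire.
    """
    if range_header is None:
        return False
    if not METHOD_RE.search(method):
        return False
    return RANGE_RE.search(range_header) is not None


def range_count(range_header):
    """Number of byte-range-specs in 'bytes=a-b,c-d,...' (editor's helper)."""
    if range_header is None:
        return 0
    _, _, specs = range_header.partition("=")
    return len([s for s in specs.split(",") if s.strip()])


def blocked_by_count(method, range_header, max_ranges=5):
    """Editor's variant of the second condition: refuse only requests that
    carry more than max_ranges ranges, so clients sending a few ranges
    are not caught. max_ranges=5 is an assumed threshold, not from the thread."""
    if range_header is None or not METHOD_RE.search(method):
        return False
    return range_count(range_header) > max_ranges


def killer_header(n=1300):
    """Constructed header with many overlapping ranges, in the style of the
    public proof of concept: bytes=0-,5-0,5-1,...,5-(n-1)."""
    return "bytes=0-," + ",".join("5-%d" % i for i in range(n))


# Constructed sample requests (method, Range header) to exercise the rules.
SAMPLES = [
    ("GET", None),                       # no Range header: passes
    ("GET", "bytes=0-499"),              # single range: passes
    ("GET", "bytes=-500"),               # suffix range: passes
    ("GET", "bytes=0-499,500-999"),      # two ranges: blocked, legitimate or not
    ("get", "bytes=0-1, 2-3"),           # whitespace after comma, lowercase method
    ("HEAD", killer_header()),           # proof-of-concept style header
    ("POST", killer_header()),           # same header, but posted rule only covers GET/HEAD
]


def evaluate(samples=SAMPLES):
    """Return [(method, header-preview, blocked_by_workaround, blocked_by_count)]."""
    rows = []
    for method, hdr in samples:
        preview = hdr if hdr is None or len(hdr) < 40 else hdr[:37] + "..."
        rows.append((method, preview,
                     blocked_by_workaround(method, hdr),
                     blocked_by_count(method, hdr)))
    return rows


if __name__ == "__main__":
    for method, preview, posted, counted in evaluate():
        print("%-4s %-42s posted_rule=%-5s count_rule=%s"
              % (method, preview, posted, counted))
```

Running it shows the trade-off in the posted rule: a single or suffix range passes, but any two or more ranges get a 403, so clients that legitimately send a handful of ranges are refused along with the attack; the count-based variant lets those through while still refusing the many-range header. It also shows that the REQUEST_METHOD condition means the same header on a method other than GET or HEAD is not touched by the posted rule.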
Current thread:
- Re: Apache Killer, (continued)
- Re: Apache Killer Dirk-Willem van Gulik (Aug 25)
- Re: Apache Killer root (Aug 24)
- Re: Apache Killer Michal Zalewski (Aug 24)
- Re: Apache Killer root (Aug 24)
- Re: Apache Killer Dan Kaminsky (Aug 24)
- Re: Apache Killer root (Aug 24)
- Re: Apache Killer Dan Kaminsky (Aug 24)
- Re: Apache Killer root (Aug 25)
- Re: Apache Killer -= Glowing Sex =- (Aug 23)
- Re: Apache Killer Davide Guerri (Aug 24)
- Re: Apache Killer -= Glowing Sex =- (Aug 24)
- Re: Apache Killer Davide Guerri (Aug 24)
- Re: Apache Killer Jan Gehring (Aug 24)
- Re: Apache Killer Jari Fredriksson (Aug 24)
- Re: Apache Killer Davide Guerri (Aug 24)
- Re: Apache Killer Jari Fredriksson (Aug 24)
- Re: Apache Killer ZOne (Aug 25)
- Re: Apache Killer Marco Ermini (Aug 25)
- Re: Apache Killer David (Aug 25)
- Re: Apache Killer Douglas Huff (Aug 24)