Date: Wed, 24 Aug 2011 12:02:39 +0300
From: Jari Fredriksson <jarif@....fi>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Apache Killer

On 24.8.2011 11:03, Davide Guerri wrote:
> While waiting for an official patch, how about the following workaround?
> 
>> RewriteEngine On
>> RewriteCond %{REQUEST_METHOD} ^(HEAD|GET) [NC]
>> RewriteCond %{HTTP:Range} ([0-9]*-[0-9]*)(\s*,\s*[0-9]*-[0-9]*)+
>> RewriteRule .* - [F]
> 
> 
> The workaround uses modrewrite to forbid get|head requests with multiple ranges in the Range HTTP header.
> The second regex could be improved but it works for the exploit released so far...
> 
> Cheers,
>  Davide.
> 

Did not help here. Debian Squeeze with its Apache.


> 
> On 24/Aug/2011, at 08:01, -= Glowing Sex =- wrote:
> 
>> This is handy to read for anyone who runs apache... its worth a look... thx kcope ;>
>> xd
>>
>>
>> On 24 August 2011 13:26, HI-TECH . <isowarez.isowarez.isowarez@...glemail.com> wrote:
>> Hello list,
>> oops looks like this bug has nothing to do with mod_deflate/mod_gzip,
>> read on here where the apache team is resolving the issue:
>>
>> http://www.gossamer-threads.com/lists/apache/dev/401638
>>
>> Cheers,
>>
>> Kingcope
>>
>> 2011/8/20 Moritz Naumann <security@...itz-naumann.com>:
>>> On 20.08.2011 00:23 HI-TECH . wrote:
>>>> (see attachment)
>>>> /Kingcope
>>>
>>> Works (too) well here. Are there any workarounds other than rate
>>> limiting or detecting + dropping the traffic IPS-wise?
>>>
>>> Moritz
>>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
> 


-- 

Q:	How many gradual (sorry, that's supposed to be "graduate") students
	does it take to screw in a light bulb?
A:	"I'm afraid we don't know, but make my stipend tax-free, give my
	advisor a $30,000 grant of the taxpayer's money, and I'm sure he
	can tell me how to do the gruntwork for him so he can take the
	credit for answering this incredibly vital question."
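The quoted workaround above keys on a single regex over the Range header. As an added illustration (this is not code from the thread or from any of its authors), the following Python reproduces that regex alongside a count-based alternative, so a defender can see what each one accepts and rejects. The `MAX_RANGES` threshold and every sample header are assumptions constructed for this example.

```python
import re

# Regex from the quoted mod_rewrite workaround, reproduced here only so its
# behaviour can be examined. It is unanchored and does not look for a
# "bytes=" unit, so any comma-separated pair of digit-dash-digit tokens
# anywhere in the header value matches.
WORKAROUND_PATTERN = re.compile(r"([0-9]*-[0-9]*)(\s*,\s*[0-9]*-[0-9]*)+")

# Assumed threshold for the count-based policy: ordinary clients ask for a
# handful of ranges at most, so anything beyond this is treated as abuse.
MAX_RANGES = 5


def parse_byte_ranges(header_value):
    """Parse a Range header value into a list of (start, end) tuples.

    Open-ended specs such as "500-" or "-500" carry None on the missing
    side. Returns [] for a missing header or a non-"bytes" unit, and
    raises ValueError when a byte-range-spec is syntactically unusable.
    """
    if not header_value:
        return []
    unit, sep, range_set = header_value.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return []
    ranges = []
    for spec in range_set.split(","):
        spec = spec.strip()
        if not spec:
            continue
        first, dash, last = spec.partition("-")
        if not dash:
            raise ValueError("byte-range-spec without '-': %r" % spec)
        start = int(first) if first else None   # int() raises on junk
        end = int(last) if last else None
        if start is None and end is None:
            raise ValueError("empty byte-range-spec: %r" % spec)
        ranges.append((start, end))
    return ranges


def classify_range_header(header_value, max_ranges=MAX_RANGES):
    """Evaluate one Range header value under both policies.

    Returns whether the quoted regex would fire, how many ranges the
    header actually carries, and the verdict of the count-based policy
    ("allow", "block", or "malformed").
    """
    workaround_matches = bool(WORKAROUND_PATTERN.search(header_value or ""))
    try:
        ranges = parse_byte_ranges(header_value)
        malformed = False
    except ValueError:
        ranges, malformed = [], True
    if malformed:
        verdict = "malformed"
    elif len(ranges) > max_ranges:
        verdict = "block"
    else:
        verdict = "allow"
    return {
        "workaround_matches": workaround_matches,
        "range_count": len(ranges),
        "malformed": malformed,
        "verdict": verdict,
    }


# Constructed sample header values (not taken from the thread or any capture).
SAMPLE_HEADERS = {
    "single": "bytes=0-1023",
    "multipart": "bytes=0-99, 200-299",   # a legitimate two-part request
    "excessive": "bytes=" + ",".join("0-%d" % i for i in range(40)),
    "not_bytes": "items=1-2",
}


def demo():
    """Classify every constructed sample under both policies."""
    return {name: classify_range_header(value)
            for name, value in SAMPLE_HEADERS.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print("%-10s %s" % (name, result))
```

The "multipart" sample shows the cost of the regex approach: it fires on a perfectly ordinary two-range request, which is the imprecision Davide concedes when he says the second regex "could be improved". A count threshold lets small multipart requests through and still blocks a header carrying dozens of ranges. Whichever policy is used, it should be applied to every header the server treats as a range request, not just `Range`; the Apache project's own advisory for this issue covered `Request-Range` as well.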


