Slashdot Mirror

← Back to Stories (view on slashdot.org)

Attack On a Significant Flaw In Apache Released

Posted by kdawson on from the take-it-slow dept.

Zerimar points out a significant flaw in Apache that can lead to a fairly trivial DoS attack is in the wild. Apache 1.x, 2.x, dhttpd, GoAhead WebServer, and Squid are confirmed vulnerable, while IIS6.0, IIS7.0, and lighttpd are confirmed not vulnerable. As of this writing, Apache Foundation does not have a patch available. From Rsnake's introduction to the attack tool: "In considering the ramifications of a slow denial of service attack against particular services, rather than flooding networks, a concept emerged that would allow a single machine to take down another machine's web server with minimal bandwidth and side effects on unrelated services and ports. The ideal situation for many denial of service attacks is where all other services remain intact but the webserver itself is completely inaccessible. Slowloris was born from this concept, and is therefore relatively very stealthy compared to most flooding tools."

3 of 203 comments (clear)

  1. Am i the only one who thinks that it's retarded... by Anonymous Coward · · Score: 0, Offtopic

    that I should have to reboot my MacBook for a freaking web browser update? And a minor release, at that. I just rebooted last week for a damned QuickTime update (also ridiculous). Come on, Apple engineers. Get your freaking head in the game!

  2. Re:Am i the only one who thinks that it's retarded by knavel · · Score: 0, Offtopic

    Apple, you can't bring that weak ass stuff up in this humpy bumpy! And you know this, baby! WOOOO!

  3. Re:Am i the only one who thinks that it's retarded by Anonymous Coward · · Score: 0, Offtopic

    Well, come on, you're using a Mac. It's not like you're doing any actual *work*...