View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0006389 | CentOS-6 | -OTHER | public | 2013-04-09 03:41 | 2013-11-19 19:49 |

| Field | Value |
|---|---|
| Status | resolved |
| Resolution | no change required |
| Platform | RHEL6 |
| OS | CentOS 6.4 64-Bit |
| OS Version | CentOS 6.4 64Bit |
| Target Version | |
| Fixed in Version | |
| Summary | 0006389: Apachekiller.pl Vulnerability. REMOTE DENIAL OF SERVICE / Apache Remote Memory Exhaustion - VULNERABILITY / RDoS / ARME Attack |
| Description | The stable version 2.2 of Apache which yum updates to is vulnerable to solely one attack at the moment because of the version "2.2". It seriously needs to be upgraded to 2.4.4 in the repositories because the Perl script found here is capable of producing a Denial of Service attack effect on the 7th layer, the "Application Layer", which is Apache. Please update Apache immediately. Vulnerability scanners are capable of finding this exploit as well. Please consult with CentOS developers; CentOS users which run Apache are in dire need of an upgrade to Apache 2.4.4, and compiling it from source is not very easy. Sorry to sound like a novice, but the dependencies are not easy to deal with when compiling Apache 2.4.4 from source. Thank you. |
| Steps To Reproduce | http://seclists.org/fulldisclosure/2011/Aug/175 |
| Additional Information | Default Apache in the repositories is vulnerable to a RDoS attack which is called Apache Remote Memory Exhaustion or ARME attack. Please upgrade the version in the repos. This little tiny script left my server hanging for about 4 minutes, and though the stability of CentOS was maintained after the attack was done, a simple "vmstat -s" showed my virtual memory usage went flying to the roof and might have actually crashed my server. Please upgrade the Apache version to 2.4.4; all CentOS systems running Apache 2.2 have this flaw! |
| Tags | No tags attached. |
Notes

(0017176) kabeiroi, 2013-04-09 04:11
Here is how it is performed.

(0017178) tigalch, 2013-04-09 07:34
Apache will probably stay at 2.2 for the lifetime of CentOS-6 (or upstream's RHEL6). Fixes are usually backported, so the version you get from httpd has nothing to do with its vulnerability state. The CVE you mention is CVE-2011-3192, which is fixed with https://rhn.redhat.com/errata/RHSA-2011-1245.html since August 2011.

(0018368) tigalch, 2013-11-19 19:49
Treating this now as RESOLVED. The mentioned CVE is fixed.
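A defender-side check for the issue discussed in these notes, added here as an example and not part of the tracker thread or of CentOS's or Apache's own code. CVE-2011-3192 is triggered by requests whose Range header lists a large number of byte ranges, and the Apache HTTP Server project's advisory for that CVE recommended rejecting requests that carry more than five ranges. The script below applies that rule, plus an overlap heuristic of its own, to access-log lines; it assumes a LogFormat extended with `"%{Range}i"` (the stock combined format does not record the Range header), and the log lines, client addresses and function names are constructed for the example. It lets an administrator confirm whether such requests are reaching httpd independently of whether the backported errata package is installed.

```python
import re
from collections import Counter

# Threshold taken from the Apache HTTP Server project's CVE-2011-3192 advisory,
# which rejected requests carrying more than five byte ranges.
MAX_RANGES = 5

RANGE_RE = re.compile(r"^bytes=(.+)$", re.IGNORECASE)

# Access log format assumed by this example (constructed, not the stock "combined" format):
#   LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Range}i\"" withrange
# The Range header value is the last double-quoted field on the line.
LOG_RE = re.compile(r'^(?P<ip>\S+) .* "(?P<range>[^"]*)"$')


def parse_ranges(header_value):
    """Parse a Range header value into (start, end) pairs.

    Open-ended parts use None: "500-" -> (500, None), "-500" -> (None, 500).
    Raises ValueError for anything that is not a byte-range set.
    """
    m = RANGE_RE.match(header_value.strip())
    if not m:
        raise ValueError("not a byte-range set: %r" % header_value)
    ranges = []
    for part in m.group(1).split(","):
        start, sep, end = part.strip().partition("-")
        if not sep or (not start and not end):
            raise ValueError("malformed range part: %r" % part)
        # int() raises ValueError on non-numeric positions, which is what we want.
        ranges.append((int(start) if start else None, int(end) if end else None))
    return ranges


def is_abusive(header_value, max_ranges=MAX_RANGES):
    """True when a Range header matches the CVE-2011-3192 request pattern.

    Two tests: more than max_ranges parts (the advisory's rule), or two explicit
    ranges that overlap (an added heuristic of this example; resumable downloads
    and media players request disjoint pieces of a file).
    """
    try:
        ranges = parse_ranges(header_value)
    except ValueError:
        # Not a byte-range set at all, e.g. the "-" that an absent header logs as.
        return False
    if len(ranges) > max_ranges:
        return True
    explicit = sorted(r for r in ranges if r[0] is not None and r[1] is not None)
    for (_, prev_end), (cur_start, _) in zip(explicit, explicit[1:]):
        if cur_start <= prev_end:
            return True
    return False


def flag_abusive_clients(log_lines, max_ranges=MAX_RANGES):
    """Count requests per client IP whose Range header is flagged by is_abusive()."""
    hits = Counter()
    for line in log_lines:
        m = LOG_RE.match(line.rstrip("\n"))
        if m and is_abusive(m.group("range"), max_ranges):
            hits[m.group("ip")] += 1
    return dict(hits)


# Constructed sample log lines (RFC 5737 documentation addresses, not real clients).
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Apr/2013:03:41:00 +0000] "HEAD / HTTP/1.1" 206 - "bytes=0-,5-0,5-1,5-2,5-3,5-4,5-5,5-6"',
    '203.0.113.5 - - [09/Apr/2013:03:41:00 +0000] "HEAD / HTTP/1.1" 206 - "bytes=0-,5-0,5-1,5-2,5-3,5-4,5-5,5-6"',
    '198.51.100.7 - - [09/Apr/2013:03:41:01 +0000] "GET /iso/CentOS-6.4.iso HTTP/1.1" 206 1048576 "bytes=1048576-2097151"',
    '198.51.100.9 - - [09/Apr/2013:03:41:02 +0000] "GET /index.html HTTP/1.1" 200 4321 "-"',
]

if __name__ == "__main__":
    for ip, n in sorted(flag_abusive_clients(SAMPLE_LOG).items()):
        print("%s: %d request(s) matching the CVE-2011-3192 Range pattern" % (ip, n))
```

Run against a real log, the counts per address tell you whether the pattern is being exercised against the server; whether httpd is actually affected is still decided by the installed package's changelog (`rpm -q --changelog httpd`), not by the 2.2 version string, as the note above explains.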
Issue History

| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2013-04-09 03:41 | kabeiroi | New Issue | |
| 2013-04-09 04:11 | kabeiroi | Note Added: 0017176 | |
| 2013-04-09 07:34 | tigalch | Note Added: 0017178 | |
| 2013-04-09 07:34 | tigalch | Status | new => feedback |
| 2013-11-19 19:49 | tigalch | Note Added: 0018368 | |
| 2013-11-19 19:49 | tigalch | Status | feedback => resolved |
| 2013-11-19 19:49 | tigalch | Resolution | open => no change required |