There is a nasty Apache exploit going around right now that exploits a vulnerability in versions 1.3.x, 2.0.x and 2.2.x. Basically, it allows the process to exhaust all available memory and crash by sending GET requests with overlapping byte ranges. The methodology seems to borrow a page from the teardrop attack. Yes, I’ve been studying for a security certification….
Look for a patch later this week, probably sometime this weekend. If you run your own web server, this is something you need to watch for.
Once again, at least one exploit for this is in the wild. The writeup for the bug contains several possible workarounds until a fix appears.
David Farquhar is a computer security professional, entrepreneur, and author. He has written professionally about computers since 1991, so he was writing about retro computers when they were still new. He has been working in IT professionally since 1994 and has specialized in vulnerability management since 2013. He holds Security+ and CISSP certifications. Today he blogs five times a week, mostly about retro computers and retro gaming covering the time period from 1975 to 2000.