Watch out for this Apache bug

There is a nasty Apache exploit going around right now that exploits a vulnerability in versions 1.3.x, 2.0.x and 2.2.x. Basically, it allows the process to exhaust all available memory and crash by sending GET requests with overlapping byte ranges. The methodology seems to borrow a page from the teardrop attack. Yes, I’ve been studying for a security certification….


Look for a patch later this week, probably sometime this weekend. If you run your own web server, this is something you need to watch for.

Once again, at least one exploit for this is in the wild. The writeup for the bug contains several possible workarounds until a fix appears.

If you found this post informative or helpful, please share it!