Incapsula Protects Against New Apache DOS Vulnerability

Incapsula Security Advisory:

Apache web server is prone to denial of service attacks – CVE-2011-3192

A denial of service vulnerability in the Apache web server was recently publicly disclosed. By sending specially crafted HTTP requests that include a malformed Range HTTP header, an attacker can disrupt the normal function of the web server, preventing legitimate users from receiving responses from it.

This issue affects all Apache software versions and a patch has not been released yet. A working proof of concept (POC) has been released that exploits this vulnerability.

This is a highly critical vulnerability because Apache currently serves more than 60% of all web sites worldwide.

Web sites that are using Incapsula are configured to block illegal resource access attempts and are protected from such exploit attempts.
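
A check of the kind a filtering layer in front of the server can apply to the Range header, given here as an added example (it is not Incapsula's rule set or Apache code). It assumes the crafted header is one that either breaks the byte-range syntax or carries many or overlapping ranges, as the public reports for CVE-2011-3192 describe; `MAX_RANGES` and the function names are choices made for this example.

```python
import re

MAX_RANGES = 5  # assumed policy threshold, not a value taken from this advisory

# One byte-range-spec: "first-last", "first-" or "-suffix_length".
_SPEC = re.compile(r"^(?:(\d+)-(\d*)|-(\d+))$", re.ASCII)


def parse_range(value):
    """Return a list of (first, last) tuples, or None if the value is malformed.

    last is None for an open-ended range; first is None for a suffix range.
    """
    unit, sep, specs = value.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    ranges = []
    for spec in specs.split(","):
        m = _SPEC.match(spec.strip())
        if not m:
            return None
        if m.group(3) is not None:          # "-N": last N bytes of the resource
            ranges.append((None, int(m.group(3))))
            continue
        first = int(m.group(1))
        last = int(m.group(2)) if m.group(2) else None
        if last is not None and last < first:
            return None                     # e.g. "500-100" is not a valid range
        ranges.append((first, last))
    return ranges


def has_overlap(ranges):
    """True if any two ranges with a known start offset overlap."""
    spans = sorted((f, float("inf") if l is None else l)
                   for f, l in ranges if f is not None)
    # After sorting by start, any overlap shows up between neighbours.
    return any(b[0] <= a[1] for a, b in zip(spans, spans[1:]))


def check_range_header(value):
    """Classify a Range value: 'ok', 'malformed', 'too-many' or 'overlapping'."""
    ranges = parse_range(value)
    if ranges is None:
        return "malformed"
    if len(ranges) > MAX_RANGES:
        return "too-many"
    if has_overlap(ranges):                 # rejecting overlaps is a policy choice
        return "overlapping"
    return "ok"
```

Anything other than `ok` is a candidate for stripping the Range header or rejecting the request before it reaches the web server.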

References:

https://issues.apache.org/bugzilla/show_bug.cgi?id=51714

http://www.securityfocus.com/bid/49303

http://seclists.org/fulldisclosure/2011/Aug/175