Top ASX-listed companies vulnerable to Apache DoS exploit

Powered by SC Magazine
 

Attack launched over 3G

Twenty six of the top 200 ASX-listed companies are vulnerable to an Apache web server denial of service exploit according to a penetration testing company.

The exploit issues partial content requests to Apache httpd which causes the daemon to swap memory to the file system, eventually triggering a denial of service attack

The attack was released by researcher Kingcope on the Full Disclosure mailing list.

HackLabs director Chris Gatford tested the exploit and found it could work over a 3G mobile connection.

"We edited the exploit script and removed the DoS (Denial of Service) payload and then used it determine how many sites could be affected," Gatford said.

Gatford said 91 of the top 1000 Australian sites listed by Alexa appeared vulnerable to the exploit.

HackLabs said firewalls, intrusion prevention systems or IP table rules could be used to mitigate the attack.

Curl can be run to test exposure to the attack by determining if partial content is supported on by Apache;

curl -H "Range:bytes=1-" -I http://target.com | grep Partial

Apply a patch to add support to turn off partial content.

Copyright © SC Magazine, Australia


Top ASX-listed companies vulnerable to Apache DoS exploit
Tags
 
 
 
Top Stories
ATO shaves $4m off IT contractor panel
Reform cuts admin burden, introduces KPIs.
 
Turnbull introduces data retention legislation
Still no definition of metadata to be stored.
 
Crime Commission prepares core systems overhaul
Will replace 30 year-old national criminal database.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  27%
 
Sourcing and strategy
  13%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  14%
 
Software development
  25%
TOTAL VOTES: 437

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  54%
 
No
  46%
TOTAL VOTES: 210

Vote