Top ASX-listed companies vulnerable to Apache DoS exploit

Powered by SC Magazine
 

Attack launched over 3G

Twenty six of the top 200 ASX-listed companies are vulnerable to an Apache web server denial of service exploit according to a penetration testing company.

The exploit issues partial content requests to Apache httpd which causes the daemon to swap memory to the file system, eventually triggering a denial of service attack

The attack was released by researcher Kingcope on the Full Disclosure mailing list.

HackLabs director Chris Gatford tested the exploit and found it could work over a 3G mobile connection.

"We edited the exploit script and removed the DoS (Denial of Service) payload and then used it determine how many sites could be affected," Gatford said.

Gatford said 91 of the top 1000 Australian sites listed by Alexa appeared vulnerable to the exploit.

HackLabs said firewalls, intrusion prevention systems or IP table rules could be used to mitigate the attack.

Curl can be run to test exposure to the attack by determining if partial content is supported on by Apache;

curl -H "Range:bytes=1-" -I http://target.com | grep Partial

Apply a patch to add support to turn off partial content.

Copyright © SC Magazine, Australia


Top ASX-listed companies vulnerable to Apache DoS exploit
Tags
 
 
 
Top Stories
Australia's digital crescendo
Barely unpacked from his move from Amsterdam, Southern Cross Austereo's new digital boss Vijay Solanki is looking for Australia's untapped potential.
 
Turnbull nabs UK govt digital guru as DTO chief
Inaugural CEO to lead change agenda.
 
NBN to offer TV connections through fibre for greenfields
Ditching aerials to come at a cost.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Is site blocking effective in stopping piracy?


   |   View results
Yes
  2%
 
No
  86%
 
Somewhat
  12%
TOTAL VOTES: 754

Vote