'Kill tool' released for unpatched Apache server vulnerability

Summary: The open-source Apache Software Foundation warns that active use of a 'killapache' attack tool targeting an unpatched vulnerability has been observed.

The open-source Apache Foundation has warned that an attack tool has been released for a serious vulnerability in the Apache HTTPD Web Server.

The 'killapache' attack tool is currently circulating in the wild. "Active use of this tool has been observed," Apache warned.

"The attack can be done remotely and with a modest number of requests can cause very significant memory and CPU usage on the server," according to an advisory that documents a denial-of-service flaw in the default Apache HTTPD installation.


The group described the issue as a range header DoS vulnerability and offered several pre-patch mitigations to limit the damage from a malicious denial-of-service attack.

"Apache HTTPD users who are concerned about a DoS attack against their server should consider implementing any of the mitigations," Apache said.

A patch or new Apache release for Apache 2.0 and 2.2 is expected later this week.


About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
