Apache warns of 'Killer' DoS tool

An attack tool that enables a hacker to take down Apache servers is being used in the wild, Apache has warned.The default Apache HTTPD installation is vulnerable to the 'Apache Killer' denial-of-service tool, Apache said in an advisory on Wednesday.

An attack tool that enables a hacker to take down Apache servers is being used in the wild, Apache has warned.

The default Apache HTTPD installation is vulnerable to the 'Apache Killer' denial-of-service tool, Apache said in an advisory on Wednesday.

"An attack tool is circulating in the wild. Active use of this tools has been observed," said the advisory. "The attack can be done remotely and with a modest number of requests can cause very significant memory and CPU usage on the server."

The tool was publicised on the Full Disclosure mailing list on Saturday.

Apache Killer takes advantage of a five-year-old range-handling flaw, Google security researcher Michal Zalewski pointed out in Full Disclosure comments.

Apache developers are working on a fix, and have come up with a workaround.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All