'Kill tool' released for unpatched Apache server vulnerability

The open-source Apache Software Foundation warns that active use of a 'killapache' attack tool targeting an unpatched vulnerability has been observed.
Written by Ryan Naraine, Contributor

The open-source Apache Foundation has warned that an attack tool has been released for a serious vulnerability in the Apache HTTPD Web Server.

The 'killapache' attack tool is currently circulating in the wild. "Active use of this tool has been observed," Apache warned.

"The attack can be done remotely and with a modest number of requests can cause very significant memory and CPU usage on the server," according to an advisory that documents a denial-of-service flaw in the default Apache HTTPD installation.

The group described the issue as a range header DoS vulnerability and offered several pre-patch mitigations to limit the damage from a malicious denial-of-service attack.

"Apache HTTPD users who are concerned about a DoS attack against their server should consider implementing any of the mitigations," Apache said.

A patch or new Apache release for Apache 2.0 and 2.2 is expected later this week.
