'Kill tool' released for unpatched Apache server vulnerability

The open-source Apache Software Foundation warns that active use of a 'killapache' attack tool targeting an unpatched vulnerability has been observed.

Written by Ryan Naraine, Contributor Aug. 24, 2011 at 4:09 a.m. PT

The open-source Apache Foundation has warned that attack tool has been released for a serious vulnerability in the Apache HTTPD Web Server.

The 'killapache' attack tool is currently circulating in the wild. "Active use of this tools has been observed, Apache warned.

"The attack can be done remotely and with a modest number of requests can cause very significant memory and CPU usage on the server," according to an advisory that documents a denial-of-service flaw in the default Apache HTTPD installation.

The group described the issue as a range header DoS vulnerability and offered several pre-patch mitigations to limit the damage from a malicious denial-of-server attack.

"Apache HTTPD users who are concerned about a DoS attack against their server should consider implementing any of the mitigations," Apache said.

A patch or new apache release for Apache 2.0 and 2.2 is expected later this week.

Editorial standards

Show Comments

'Kill tool' released for unpatched Apache server vulnerability

Related

Not into the Tesla Powerwall? You can now buy the Anker Solix X1

Microsoft is now showing ads in Windows 11's Start menu. Here's how to block them

The Jackery Explorer 1000 is one of the best portable power stations you can buy, and it's on sale