Apache Zero-Day Exploit dubbed “Apache Killer”

It has recently come to the attention of SpeedySparrow that a new exploit code dubbed “Apache Killer” has arrived, discovered and diagnosed more than 54 months ago it seems that the new attack against the Apache Web-Server has finally arrived.

 

The new exploit has the capability of bringing down an entire Apache system with the use of a single PC. The dubbed exploit “Apache Killer” vulnerability acts in a way to which sends multiple GET requests to the system containing overlapping byte ranges, the current exploit is known to affect systems running versions of Apache from v1.3 to the latest release (current fixes are in place) but a definite fix from Apache is being heavily awaited.

 

Apache has noted that a release should hopefully be released within the next 96 hours, even though this is a time-frame away SpeedySparrow will be taking the necessary actions to ensure systems that we are hosting are protected from this rather new and known exploit and all necessary protection methods will be enforced immediately on all active servers.

 

All current and active VPS customers that are running Apache on their systems should be warned to take appropriate action.

 

Please refer to the Suggested Fixes that have been released, these can be used in time till a new fix is released by Apache.

forum
  • http://twitter.com/ARub1 Adam

    If you are using CloudFlare, it shouldn’t be a problem. They’ve released a fix.

    • http://speedysparrow.com Sean Bowtell

      I did read that on their forum as well, sadly for those that do not use it will need to use a re-route on a suggested fix until Apache can actually secure an actual patch for it.

      96 hours and counting :)

  • http://www.facebook.com/profile.php?id=100001112648487 Oliver Bryan

    *gets his armgeddon clock out*

    • http://speedysparrow.com Sean Bowtell

      I would not go that far just yet, there is no current extreme killer that could totally destroy the system (or maybe there is) but at the end of the day it will be patched.

      If you are one of those providers without the fix, well you may as well call it a day.