Blog Posts Tagged with "Apache"


Running Apache? Beware of "Armageddon"...

March 19, 2012 Added by:Kevin McAleavey

"Apache Killer" exploits a vulnerability in the server by sending a specially crafted Range HTTP header to trigger a denial-of-service condition, and a single computer is capable of bringing Apache to its knees. A botnet full of these can result in "tango down"...

Comments  (0)


MAC versus DAC in SELinux

September 25, 2011 Added by:Jamie Adams

This simple real-world example demonstrates how MAC rules supersede DAC settings. I encourage you to read the system documentation and experiment on lab systems. Too often system administrators become frustrated by "AVC Denial" messages and resort to disabling this enhanced security...

Comments  (0)


Apache Killer DoS Vulnerability Patch Released

August 31, 2011 Added by:Headlines

The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.2.20 of the Apache HTTP Server with a fix for handling of byte-range requests and avoid a denial of service. We consider this release to be the best version of Apache available...

Comments  (0)


Mitigating the Apache Range Header DoS Vulnerability

August 28, 2011 Added by:Mark Baldwin

A new Apache DoS vulnerability was reported by security researcher Kingcope on the Full Disclosure mailing list that affects most default installations of Apache 1.3/2.x. Fortunately, there are some configuration settings that can be adjusted to mitigate this vulnerability...

Comments  (1)


Sony Knew It Was Running Obsolete Server Software

May 06, 2011 Added by:Headlines

"If Dr. Spafford's assessment is accurate, it's inexcusable that Sony not only ran obsolete software on servers containing confidential data, but also that the company continued to do so after this information was publicly disclosed..."

Comments  (0)


Configuring Web 2.0 Applications to be Friendly But Secure

February 25, 2011 Added by:Danny Lieberman

In the course of a security audit/penetration test of a social networking Web site this week that was developed and deployed on Ubuntu, I was reminded yet again that we all have something to learn. Even Linux geeks...

Comments  (0)


Hacker Releases Second Video of Enhanced XerXeS DoS Attack on Apache Vulnerability

March 11, 2010 Added by:Anthony M. Freed

Infosec Island has once again gained exclusive access to a video demonstration of the XerXeS DoS. This new video shows a little more of the XerXeS dashboard, and reveals even more about the attack technique – watch the text box on the left as Jester mentions “Apache” for the first time outside of our private conversations.

Comments  (15)