5 Replies Latest reply on Jan 10, 2014 2:19 AM by paulwang

    LEM vulnerability, how to solve it?

    paulwang

      Because of our information security policy,

      vulnerability scanning must be done using IPS.

      The vulnerability scan result is as follows.

      How do I repair it?


      HTTP Server Prone To Slow Denial Of Service Attack

      CVE-2007-6750 CVE-2009-5111


      Description:
      A denial of service vulnerability is present in some HTTP servers.

      Recommendation:
      Upgrade the Apache HTTP Server to the latest version that has "mod_reqtimeout" module support available by default.
      Then enable the module "mod_reqtimeout" and configure it to set the timeout and minimum data rate for receiving requests.
      An example configuration is as below:
      <IfModule reqtimeout_module>
      RequestReadTimeout header=10-20,minrate=500
      RequestReadTimeout body=10,minrate=500
      </IfModule>
      http://httpd.apache.org/docs/trunk/mod/mod_reqtimeout.html
      For customers who are not ready to use the "mod_reqtimeout" module, a workaround is to decrease the "Timeout" setting for Apache to 10 seconds or less, instead of the default
      5 minutes (300 seconds), in the Apache web server configuration file.


      Example:
      TimeOut 300
      https://httpd.apache.org/docs/2.0/mod/core.html#timeout
      Particular considerations have to be taken into account depending on each organization and the type of clients expected to connect to their web servers.
      HTTP servers that use the asynchronous I/O technique are not vulnerable to this attack. Some of those servers are: lighttpd, nginx, Apache's experimental event MPM, IIS 6,
      IIS7, Cherokee, etc.


      Observation:
      Apache HTTP Server is a widely used Web server. Apache (and other Web servers) bind each connection to a different process or thread.
      A denial of service vulnerability is present in some HTTP servers. The DoS occurs because the server allows incomplete connections to stay open for an unnecessary period
      of time. Processes are a limited resource, and thus the server cannot have infinite connections but instead a limited number of clients connected at the same time. The attacker
      will create multiple slow incomplete connection requests to the server, causing it to reach the connection limit and making the server stop responding to other legit requests.


      Common Vulnerabilities & Exposures (CVE) Link:
      CVE-2007-6750 CVE-2009-5111
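As an added example (not part of the post or the scanner's report), a small Python audit that applies the scanner's recommendation to an httpd configuration text: it parses the RequestReadTimeout header/body stages and the global Timeout, and reports whether the mod_reqtimeout settings or the Timeout workaround is in place. The two sample configurations are constructed for the example.

```python
import re
# Constructed sample configs (not from the post): weak setup beside the recommended one.
WEAK_CONF = "TimeOut 300\nKeepAlive On\n"
HARDENED_CONF = """LoadModule reqtimeout_module modules/mod_reqtimeout.so
Timeout 60
<IfModule reqtimeout_module>
  RequestReadTimeout header=10-20,MinRate=500 body=10,MinRate=500
</IfModule>
"""
_RRT_RE = re.compile(r"^\s*RequestReadTimeout\s+(.*)$", re.I | re.M)
_TIMEOUT_RE = re.compile(r"^\s*Timeout\s+(\d+)", re.I | re.M)
_LOAD_RE = re.compile(r"^\s*LoadModule\s+reqtimeout_module\b", re.I | re.M)
def parse_request_read_timeout(conf):
    """Map each stage (header/body) to its initial timeout, optional maximum
    and optional MinRate, as written in RequestReadTimeout lines."""
    stages = {}
    for m in _RRT_RE.finditer(conf):
        for part in m.group(1).split():  # several stages may share one line
            stage, _, value = part.partition("=")
            if stage.lower() not in ("header", "body"):
                continue
            fields = value.split(",")
            lo, _, hi = fields[0].partition("-")
            minrate = None
            for f in fields[1:]:
                name, _, v = f.partition("=")
                if name.lower() == "minrate" and v.isdigit():
                    minrate = int(v)
            stages[stage.lower()] = {"initial": int(lo),
                                     "max": int(hi) if hi else None,
                                     "minrate": minrate}
    return stages

def audit_slow_request_protection(conf, max_timeout=10, default_timeout=300):
    """Apply the scanner's advice: RequestReadTimeout on both stages, or the
    workaround Timeout <= max_timeout. default_timeout is the post's 300 s."""
    stages = parse_request_read_timeout(conf)
    findings = [f"RequestReadTimeout {s} stage missing or disabled"
                for s in ("header", "body")
                if stages.get(s, {}).get("initial", 0) == 0]
    m = _TIMEOUT_RE.search(conf)
    timeout = int(m.group(1)) if m else default_timeout
    # IfModule hides a missing LoadModule; absence here is not conclusive on
    # distributions that load modules from a separate directory.
    return {"reqtimeout_ok": not findings,
            "loadmodule_seen": bool(_LOAD_RE.search(conf)),
            "timeout_seconds": timeout,
            "timeout_workaround_ok": timeout <= max_timeout,
            "compliant": not findings or timeout <= max_timeout,
            "findings": findings}
```

Run it against the text of your own httpd.conf (and any included files) to see which of the scanner's two remediation paths, if either, is actually in effect.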