httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 51714] New: Byte Range Filter might consume huge amounts of memory combined with compressed streams
Date Wed, 24 Aug 2011 00:49:57 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=51714

             Bug #: 51714
           Summary: Byte Range Filter might consume huge amounts of memory
                    combined with compressed streams
           Product: Apache httpd-2
           Version: 2.2.17
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: critical
          Priority: P2
         Component: All
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: isowarez.isowarez.isowarez@googlemail.com
    Classification: Unclassified


Created attachment 27429
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=27429
DoS Exploit for mentioned vulnerability

At least Apache 2.2.17 has a remotely exploitable DoS vulnerability which
allows consuming all memory on a target system. A request for triggering the
memory consumption includes a large "Range" header which requests as many
different bytes as possible from a file served by httpd. Combining this with a
gzip "Accept-Encoding" header, the httpd is assumed to compress each of the
bytes requested in the Range header separately, consuming large memory regions.
The behaviour when compressing the streams is devastating and can end up in
rendering the underlying operating system unusable when the requests are sent
in parallel. Symptoms are swapping to disk and killing of processes including
but not solely httpd processes.

How to repeat:
Execute the attached Perl script for a vulnerable httpd, meaning Byte Range
filter and mod_deflate/mod_gzip enabled.

Sidenote:
Apache should be aware of that through posting to full disclosure. Nevertheless,
in my opinion this bug should be resolved.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
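
Added example, not part of the original report or its attachment: a defensive check that parses a request's Range header and flags the pattern the report describes (many byte ranges, optionally combined with a gzip Accept-Encoding). The threshold MAX_RANGES, the function names and the sample header are assumptions made for illustration.

```python
import re
MAX_RANGES = 5  # assumed policy threshold; the report does not give a number

def parse_ranges(value):
    """Parse 'bytes=a-b,c-,-n' into (first, last) pairs; None marks an open side."""
    unit, sep, specs = value.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        raise ValueError("unsupported range unit")
    pairs = []
    for spec in filter(str.strip, specs.split(",")):  # skip empty list elements
        m = re.match(r"^\s*(\d*)\s*-\s*(\d*)\s*$", spec)
        if not m or not (m.group(1) or m.group(2)):
            raise ValueError("bad range spec: %r" % spec)
        first = int(m.group(1)) if m.group(1) else None
        last = int(m.group(2)) if m.group(2) else None
        if first is not None and last is not None and last < first:
            raise ValueError("last byte before first: %r" % spec)
        pairs.append((first, last))
    return pairs

def count_overlaps(pairs, size):
    """Resolve pairs against a `size`-byte resource; count ranges overlapping an earlier one."""
    spans = []
    for first, last in pairs:
        if first is None:  # suffix form: the final `last` bytes
            start, end = max(size - last, 0), size - 1
        else:
            start, end = first, min(size - 1 if last is None else last, size - 1)
        if start <= end:
            spans.append((start, end))
    overlaps, high = 0, -1
    for start, end in sorted(spans):
        overlaps += start <= high  # starts inside bytes already requested
        high = max(high, end)
    return overlaps

def assess(headers):
    """Classify request headers: ok, malformed, many-ranges or many-ranges+gzip."""
    h = {k.lower(): v for k, v in headers.items()}
    try:
        pairs = parse_ranges(h["range"]) if "range" in h else []
    except ValueError:
        return "malformed"
    if len(pairs) <= MAX_RANGES:
        return "ok"
    gzip = "gzip" in h.get("accept-encoding", "").lower()
    return "many-ranges+gzip" if gzip else "many-ranges"
# Constructed sample headers (not taken from the attachment).
SAMPLE = {"Range": "bytes=0-1,1-2,2-3,3-4,4-5,5-6,6-7,7-8", "Accept-Encoding": "gzip"}
```

count_overlaps needs the size of the served file, so it is kept separate from assess, which works on headers alone.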

