The Apache HTTP web server is the most widely deployed Web server on the Internet today and it’s at risk from a serious denial of service (DoS) attack.
The ‘Apache Killer’ tool is now out in the wild enabling attackers to consume all of the memory on a Web server creating a DoS condition. Apache has issued multiple security advisories on the issue and are planning on releasing a patch this weekend.
“A denial of service vulnerability has been found in the way the multiple overlapping ranges are handled by the Apache HTTPD server,” Apache warned in its latest advisory. “The attack can be done remotely and with a modest number of requests can cause very significant memory and CPU usage on the server.”