Tuesday, September 11, 2012

Apache byte range DoS: a simple test

A simple test for whether an Apache server has the Byte Range problem...

For a description of Byte Range, see RFC 2616: http://www.ietf.org/rfc/rfc2616.txt
 14.35 Range (p. 138)
   14.35.1 Byte Ranges (p. 138)
   14.35.2 Range Retrieval Requests (p. 139)


For background, see:
http://seclists.org/fulldisclosure/2011/Aug/175
http://lwn.net/Articles/456268/
http://httpd.apache.org/security/CVE-2011-3192.txt




step1. telnet port 80

#telnet 127.0.0.1 80

step2. input the test HTTP header
HEAD / HTTP/1.1
Host: 127.0.0.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
Pragma: no-cache
Request-Range: bytes=5-0,1-1,2-2,3-3,4-4,5-5,6-6,7-7,8-8,9-9,10-10
Accept-Language: en
Connection: Keep-Alive
Range: bytes=5-0,1-1,2-2,3-3,4-4,5-5,6-6,7-7,8-8,9-9,10-10
A 200 OK response is normal:
HTTP/1.1 200 OK
Date: Mon, 10 Sep 2012 05:25:05 GMT
Server: Apache
Last-Modified: Wed, 28 Dec 2011 09:46:23 GMT
ETag: "d019a-5e-4b523df60f9c0"
Accept-Ranges: bytes
Content-Length: 94
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Type: text/html
A 206 response with byteranges returned below it means the problem exists:
HTTP/1.1 206 Partial Content
Date: Mon, 10 Sep 2012 05:25:55 GMT
Server: Apache
Last-Modified: Wed, 28 Dec 2011 09:46:23 GMT
ETag: "13d05a1-5e-df60f9c0"
Accept-Ranges: bytes
Content-Length: 827
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Type: multipart/x-byteranges; boundary=4c9523120ba4d4181
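
The two steps above as a script, for checking your own servers without typing the request by hand. This is an added example, not code from the original post: the function names and result labels are assumptions, the two sample heads are trimmed from the responses shown above, and `Connection: close` replaces the post's `Keep-Alive` so the read ends cleanly.

```python
import socket

# Same 11-part range set the post types into telnet.
RANGES = "bytes=5-0,1-1,2-2,3-3,4-4,5-5,6-6,7-7,8-8,9-9,10-10"

# Response heads trimmed from the two samples in the post.
SAMPLE_200 = b"HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n"
SAMPLE_206 = (b"HTTP/1.1 206 Partial Content\r\nServer: Apache\r\n"
              b"Content-Type: multipart/x-byteranges; boundary=4c9523120ba4d4181\r\n\r\n")

def build_probe(host):
    """Raw HEAD request carrying Range and Request-Range, as in the post."""
    lines = ["HEAD / HTTP/1.1", f"Host: {host}", f"Request-Range: {RANGES}",
             f"Range: {RANGES}", "Connection: close", "", ""]
    return "\r\n".join(lines).encode("ascii")

def classify(raw):
    """Read a response head the way the post does: 200 is normal, 206 with a
    multipart byteranges Content-Type means the range set was honoured."""
    lines = raw.decode("iso-8859-1").splitlines()
    parts = lines[0].split() if lines else []
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return "inconclusive"
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # end of the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip().lower()
    ctype = headers.get("content-type", "")
    # The post's sample shows multipart/x-byteranges; RFC 2616 names multipart/byteranges.
    multipart = ctype.startswith(("multipart/x-byteranges", "multipart/byteranges"))
    if parts[1] == "206" and multipart:
        return "byteranges-206"
    return "normal-200" if parts[1] == "200" else "inconclusive"

def probe(host="127.0.0.1", port=80, timeout=5.0):
    """Send the probe to host:port and classify the reply head."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_probe(host))
        data = b""
        while b"\r\n\r\n" not in data:
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
    return classify(data)
```

`probe()` returns `byteranges-206` for the second response pattern shown above and `normal-200` for the first; anything else (redirects, errors, a single-part 206) is reported as `inconclusive`.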

How to fix:
Upgrade Apache to 2.2.20 or later,
or see http://httpd.apache.org/security/CVE-2011-3192.txt
