What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

want to fix Apache HTTP Server Byte Range DoS

Votes:

0

want to fix Apache HTTP Server Byte Range DoS on 7.2.4.5051

apache fixing nms

Created on Nov 4, 2013 12:52:22 PM



3 Replies

Votes:

0

Hi,
may you please elucidate? What exactly do you want to fix here?
Best regards

Created on Nov 4, 2013 1:28:39 PM by Konstantin Wolff [Paessler Support]



Votes:

0

The web server running on the remote host is affected by a denial of service vulnerability.

The version of Apache HTTP Server running on the remote host is affected by a denial of service vulnerability. Making a series of HTTP requests with overlapping ranges in the Range or Request-Range request headers can result in memory and CPU exhaustion. A remote, unauthenticated attacker could exploit this to make the system unresponsive.

Exploit code is publicly available and attacks have reportedly been observed in the wild.

Nessus determined the server is unpatched and is not using any of the suggested workarounds by making the following requests :

Apache is being used for NMS. Can I upgrade apache to next version and expect NMS to work? I have PRTG Network Monitor 7.2.4.5051. and Apache affected with CVE-2011-3192 – Apache killer DOS vulnerability.

Created on Nov 5, 2013 11:51:00 AM



Votes:

0

Hi,
I assume you are using Apache as Reverse Proxy for your PRTG installation? If so, there should be no issues when upgrading the same, you should only make sure tu update mod_rewrite as well and then make sure there have been no syntax changes in there.
Apart from that it should just continue working.
Best regards

Created on Nov 5, 2013 12:58:48 PM by Konstantin Wolff [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.