Apache kill tool released


A simple perl script run against an unpatched Apache server could lead
to a Denial of Service (DoS) attack against the server. It causes the
Apache process to spiral out of control, consuming CPU and Memory on the
Host and in some cases, stops entirely.

During the attack, web pages served by the Apache process are slow or
non existent.

Apache.org has not released an official patch for this bug at the
moment. There are a number of workarounds to limit the effectiveness of
this attack, listed here.


We are looking to see if we can stop this attack via our IPS system, but
recommend that one of these workarounds be implemented on all Apache
servers in the interim.

Please respond with your plans for this vulnerability and the usefulness
of this alert.