
Apache Killer Terminated: Zero Day Exploit, Zero Day Fix

2011-08-24


Early this morning word spread that there was a zero day exploit dubbed the "Apache Killer." The exploit sends HTTP Range headers that request a very large number of overlapping byte ranges; Apache httpd allocates memory for every range it is asked for, so a single client can exhaust the server's memory and take it down. The exploit is effective against the latest versions of Apache as well as versions back to v1.3. Apache announced that they would release a patch within 96 hours. In the meantime, there are some suggested ways that people running Apache can deal with the attack.

At CloudFlare, we were asked almost immediately by several users whether CloudFlare protected against this exploit. The answer this morning was no. We faithfully pass through byte-range headers to the origin server and therefore would pass through the attack. The promise of CloudFlare, however, is that as these sorts of incidents come to light we can apply patches to our network to protect our users. So that's what we did.

As of now, about half of our network has implemented protection that will stop the Apache Killer exploit. We do this by refusing to relay Range headers that are malformed or that carry a large number of byte ranges, so the origin never sees them. We are running the fix in our busiest data centers and, assuming this initial rollout goes smoothly, we will roll it out to the whole network by the end of the day tomorrow. In other words, for a zero day exploit, we created a zero day fix.
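One way an edge proxy can enforce the kind of limit described above, written for this article as an illustration and not CloudFlare's own code: it parses the client's Range header, counts the byte ranges, resolves them against the object size to spot overlaps, and then decides whether to relay, strip or reject the request. The threshold MAX_RANGES, the function names and the sample headers are all assumptions made for the example.

```python
import re
from typing import List, Optional, Tuple

# Policy knob for this example only; the threshold a real edge uses is a tuning decision.
MAX_RANGES = 5

# One byte-range-spec: "first-last", "first-" or "-suffix_length" (RFC 2616 14.35.1)
_RANGE_SPEC = re.compile(r"^(\d*)-(\d*)$")

# (first, last): (None, N) is a suffix range "-N", (N, None) an open range "N-"
ByteRange = Tuple[Optional[int], Optional[int]]


def parse_range_header(value: str) -> Optional[List[ByteRange]]:
    """Parse a Range header value such as 'bytes=0-99,200-,-500'.

    Returns None when the value is not a syntactically valid byte-range set:
    unknown unit, empty set, a bare '-', or first > last. RFC 2616 says a
    recipient MUST ignore a Range header containing any invalid spec.
    """
    unit, sep, spec_set = value.partition("=")
    if sep != "=" or unit.strip().lower() != "bytes":
        return None
    ranges: List[ByteRange] = []
    for spec in spec_set.split(","):
        m = _RANGE_SPEC.match(spec.strip())
        if not m:
            return None
        first_s, last_s = m.groups()
        if not first_s and not last_s:
            return None
        first = int(first_s) if first_s else None
        last = int(last_s) if last_s else None
        if first is not None and last is not None and first > last:
            return None
        ranges.append((first, last))
    return ranges


def resolve(ranges: List[ByteRange], length: int) -> List[Tuple[int, int]]:
    """Convert specs to absolute inclusive (start, end) intervals for an object
    of `length` bytes, dropping specs that are unsatisfiable for that size."""
    intervals = []
    for first, last in ranges:
        if first is None:                # suffix range: the last `last` bytes
            if last == 0 or length == 0:
                continue
            intervals.append((max(0, length - last), length - 1))
        else:
            if first >= length:
                continue
            end = length - 1 if last is None else min(last, length - 1)
            intervals.append((first, end))
    return intervals


def count_overlaps(intervals: List[Tuple[int, int]]) -> int:
    """Count intervals that overlap one sorting before them; 0 for a sane request."""
    overlaps = 0
    furthest_end = -1
    for start, end in sorted(intervals):
        if start <= furthest_end:
            overlaps += 1
        furthest_end = max(furthest_end, end)
    return overlaps


def range_policy(header: Optional[str], length: int, max_ranges: int = MAX_RANGES) -> str:
    """Decide what the edge does with a client's Range header before the origin sees it.

    'relay'  - forward the header unchanged
    'strip'  - drop the header and fetch the whole object; the client gets a 200
               instead of a 206, which every HTTP client must be able to handle
    'reject' - refuse the request: far more ranges than any download manager or
               video player sends, which is the byte-range flood signature
    """
    if header is None:
        return "relay"
    ranges = parse_range_header(header)
    if ranges is None:
        return "strip"
    if len(ranges) > max_ranges:
        return "reject"
    if count_overlaps(resolve(ranges, length)) > 0:
        return "strip"
    return "relay"


if __name__ == "__main__":
    # Constructed sample headers for the demonstration, not captured traffic.
    flood = "bytes=" + ",".join(f"{i}-" for i in range(1300))  # 1300 overlapping open ranges
    for hdr in ["bytes=0-1023", "bytes=-500", "bytes=0-100,50-150",
                "bytes=10-5", "bytes=-500,9500-", flood]:
        print(f"{hdr[:40]:<40} -> {range_policy(hdr, length=10_000)}")
```

Stripping rather than rejecting is the safe default for anything short of an outright flood: a client that sent an odd but small Range header simply receives the whole object, while the origin is never asked to assemble overlapping pieces. Overlap detection needs the object size because a suffix range such as "-500" and an open range such as "9500-" only reveal that they cover the same bytes once both are resolved against the content length, which the edge knows for anything it has cached.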

There is nothing you have to change in your settings; the protection is automatic. If you are running Apache, we recommend you upgrade to the newest version as soon as the Apache team releases a fix. In the meantime, we're happy to be able to provide protection against this attack to CloudFlare users. If you're not already a CloudFlare user, you can sign up for free and get the protection immediately.

Update (25 Aug 2011 @ 18:00 GMT): the tests across our network went well and the fix has now been pushed live to the entire CloudFlare network. All CloudFlare-powered sites are now protected. Even with CloudFlare's fix in place, we still recommend you upgrade Apache to the latest version when the patch is released. Follow the Apache advisory for more details.

Attacks, Post Mortem

Matthew Prince (@eastdakota)