Vulnerability detected on Aserv-HTTP Server Prone To Slow Denial Of Service Attack
We got the following new vulnerability detected while running a regular vulnerability assessment for RSA Envision Aserv:
Following queries:
1) Does RSA Envision use any of these?
HTTP servers that use the asynchronous I/O technique are not vulnerable to this attack. Some of those servers are: lighttpd, nginx, Apache's experimental event MPM, IIS 6, IIS 7, Cherokee, etc.
2) Any method to close this vulnerability with steps?
HTTP Server Prone To Slow Denial Of Service Attack 5.0 Medium
Description:
A denial of service vulnerability is present in some HTTP servers.
Recommendation:
There are no patches available from the vendor at the moment of writing this document (10/16/11).
A workaround to this, although not a final solution, is to decrease the Timeout setting for Apache to 10 seconds or less, instead of the default 5 minutes. Particular considerations have to be taken into account depending on each organization and the type of clients expected to connect to their web servers.
For example, the timeout and minimum data rate for receiving requests can be set by enabling the Apache module "mod_reqtimeout":
http://httpd.apache.org/docs/2.3/mod/mod_reqtimeout.html
HTTP servers that use the asynchronous I/O technique are not vulnerable to this attack. Some of those servers are: lighttpd, nginx, Apache's experimental event MPM, IIS 6, IIS 7, Cherokee, etc.
Observation:
Apache HTTP Server is a widely used web server. Apache (and other web servers) binds each connection to a different process or thread.
A denial of service vulnerability is present in some HTTP servers. The DoS occurs because the server allows incomplete connections to stay open for an unnecessary period of time. Processes are a limited resource, so the server cannot have infinite connections but instead a limited number of clients connected at the same time. The attacker creates multiple slow, incomplete connection requests to the server, causing it to reach the connection limit and stop responding to other legitimate requests.
Common Vulnerabilities & Exposures (CVE) Link:
CVE-2009-5111 CVE-2007-6750
IAVA Reference Number
IAVA-REF-NUMBER-NOMATCH
Affected System(s)
System: AServ.com
Criticality: None
Operating System: Windows Server 2003
Port: http(8080)/tcp
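The scanner's workaround (Apache Timeout of 10 seconds or less, plus mod_reqtimeout) written out as an Apache configuration, shown as an added example rather than anything from the original post or from RSA; the specific second and byte-rate values and the module path are assumptions, chosen to stay inside the "10 seconds or less" guidance:

```apache
# BEFORE (what the scanner flags): the stock setting. Timeout defaults to 300 s,
# and without mod_reqtimeout a client that sends one header byte every few
# minutes keeps a worker process or thread occupied for as long as it likes.
#
#   Timeout 300
#
# AFTER: the report's workaround.

# mod_reqtimeout ships with httpd 2.2.15+ and 2.4; the .so path below is an
# assumption (Debian/Ubuntu use a2enmod reqtimeout instead of a LoadModule line).
LoadModule reqtimeout_module modules/mod_reqtimeout.so

# Maximum idle time between packets on a connection, down from the 5-minute default.
Timeout 10

# Request headers must be complete within 10 s. That window is extended, up to
# 20 s in total, only while the client keeps delivering at least 500 bytes/s.
# The request body gets 10 s, again subject to a 500 bytes/s minimum rate.
# A client that exceeds the window or drops below the rate receives a
# 408 Request Timeout and the worker is returned to the pool for other clients.
# (Illustrative values; tune for slow legitimate clients such as mobile links.)
<IfModule reqtimeout_module>
    RequestReadTimeout header=10-20,MinRate=500 body=10,MinRate=500
</IfModule>
```

Run `apachectl configtest` before a graceful restart, and watch the error log for a rise in 408 responses afterwards, which tells you whether legitimate slow clients are being cut off by the chosen rate.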
Hi corporatesoc,
enVision doesn't use any of those web servers (it actually uses an application server) to run its GUI, so you shouldn't be worried about that. Also, I was checking those CVEs that you sent: one refers to Apache versions 1.x or 2.x and the other to the web server from GoAhead, which are not part of the enVision architecture.
I hope this helps
