logo
Apache Lounge
Webmasters

 


About

Forum Index Downloads Search Register Log in  RSS Apache Lounge
 



Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Apache Lounge is not sponsored.

Your donations will help to keep this site alive and well, and continuing building binaries.



Issue in Apache 2.2.15

 
Post new topic   Reply to topic    Apache Forum Index -> Apache



View previous topic :: View next topic  
Author Message
sldc1984



Joined: 11 Oct 2017
Posts: 2
Location: Philippines, Metro Manila

PostPosted: Wed 11 Oct '17 17:49    Post subject: Issue in Apache 2.2.15 Reply with quote

Hi,

We are getting an issue in Apache 2.2.15 which is used in our production environment. Temporary solution is to restart the windows services, if not then we proceed to reboot the server. We just checking if there any solution on it. Apache 2.2.15 (httpd-2.2.15-win32-x86-no_ssl.msi) is installed in Windows server 2012 R2.

Your response is highly appreciated.

Regards,
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2123
Location: Sun Diego, USA

PostPosted: Thu 12 Oct '17 23:52    Post subject: Reply with quote

Sounds a lot like CVE-2011-3192. I'm not saying it is but the needed reboot of the machine sometimes makes it seem more likely a possibility. See the section "Type of Attack" in the advisory and note the "... grinding your server down to a halt."

If this is what you are facing, the best way to fix is upgrade Apache. You should have been keeping that thing updated all along as new releases came along but enough with the lecture.

Another possibility is mod_rangecount_improved. However note the caveat about it in the advisory linked above. It's not perfect but was a good enough workaround before 2.2.20 was released.

Apache 2.2 EOL'd back in July so it might be hard to find a 2.2.34 which was 2.2's final release.

You really should just bite the big bullet and finally get onto 2.4, and then keep it up-to-date. Smile

You could also schedule a restart of Apache say every hour but that still may not help and eventually require the reboot. It will also heavily pollute the error log Sad
Back to top
sldc1984



Joined: 11 Oct 2017
Posts: 2
Location: Philippines, Metro Manila

PostPosted: Fri 13 Oct '17 8:04    Post subject: Issue in Apache 2.2.15 Reply with quote

Hi,

Thanks for your response.
Unfortunately, the application is still intact with the Apache 2.2.15. As for now our option is to upgrade it. What version do you preferred and process step for us to do without uninstalling the existing Apache.


Best Regards,
Back to top


Post new topic   Reply to topic    Apache Forum Index -> Apache
Page 1 of 1