Nessus scan vulnerability with IBM Apache HTTP Server Byte Range DoS on SSIM

Article Id: 156196
Status: Published
Updated On: 12-05-2015 15:02
Legacy Id: TECH185908
Products:
Security Information Manager
Issue/Introduction:

High Risk Vulnerability found in Nessus scan of "Apache HTTP Server Byte Range DoS (55976)". The CVE is 2011-3192.

Resolution:

The solution is to Ignore all “Range requests” and return the full page instead

Steps to do this are as follows :

 

1.   Copy mod_headers.so file to the following location
/opt/Symantec/sesa/httpd/modules/
(mod_headers.so file is attached to this KB)

2.   Ensure mod_headers is loaded/uncommented in httpd.conf (log in via SSH to SSIM using db2admin user and su - to root)

·         Open  /opt/Symantec/sesa/httpd/conf/httpd.conf

·         Search for "LoadModule headers_module modules/mod_headers.so"

·         Uncomment the above line if it is commented by removing ‘#’  present at the beginning of line

           2. Add the following two lines at the bottom of httpd.conf file

        RequestHeader unset Range

        RequestHeader unset Request-Range

3.    Save the file

4.    Restart ibmhttpd service from command line after updating httpd.conf file for changes to take effect

·         service ibmhttpd restart

 

 

 

insert_drive_file mod_headers.so
arrow_downward Download