Nessus scan vulnerability with IBM Apache HTTP Server Byte Range DoS on SSIM

Article ID: 156196

Products

Security Information Manager

Issue/Introduction

A Nessus scan of the SSIM appliance reports a high-risk finding, plugin 55976 "Apache HTTP Server Byte Range DoS", against the IBM HTTP Server that SSIM runs. The vulnerability is CVE-2011-3192: a request carrying many overlapping byte ranges in the Range (or legacy Request-Range) header makes the server consume memory and CPU out of proportion to the request, so a single unauthenticated client can exhaust the server.

Resolution

The workaround is to make the web server ignore all "Range" requests and return the full response instead. With mod_headers loaded, the Range and Request-Range request headers are removed before the request is processed, so the byte-range code that CVE-2011-3192 abuses is never reached. This is a mitigation rather than a code fix: clients that rely on byte-range requests (resumed downloads, for example) will receive the complete response instead of a partial one.

Steps to do this are as follows:

1.   Copy the mod_headers.so file to the following location:
/opt/Symantec/sesa/httpd/modules/
(mod_headers.so is attached to this KB)

2.   Ensure mod_headers is loaded, i.e. its LoadModule line is uncommented, in httpd.conf (log in to SSIM via SSH as the db2admin user and su - to root)

·         Open /opt/Symantec/sesa/httpd/conf/httpd.conf

·         Search for "LoadModule headers_module modules/mod_headers.so"

·         If the line is commented out, uncomment it by removing the '#' at the beginning of the line

3.   Add the following two lines at the bottom of the httpd.conf file (they must appear after the LoadModule line above; otherwise httpd refuses to start with "Invalid command 'RequestHeader'"):

        RequestHeader unset Range

        RequestHeader unset Request-Range

4.   Save the file

5.   Restart the ibmhttpd service from the command line so that the httpd.conf changes take effect:

·         service ibmhttpd restart
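The edit in steps 2 and 3 and the check that it worked, as an added shell script that is not part of this KB or of the SSIM product. It assumes the httpd.conf path given above, assumes curl is available on the host running the probe, and treats the URL it probes as a placeholder to be replaced with the SSIM web interface address; the apachectl path named in the usage note is likewise an assumption.

```shell
#!/bin/sh
# Apply the CVE-2011-3192 header-stripping workaround to an httpd.conf
# and verify the result. Assumed default path (from the KB):
#   /opt/Symantec/sesa/httpd/conf/httpd.conf
# Usage: sh byte_range_workaround.sh [path/to/httpd.conf]

# Uncomment the mod_headers LoadModule line and append the two
# RequestHeader directives. Idempotent: running it twice adds nothing.
harden_httpd_conf() {
  conf="$1"
  # Strip a leading '#' from the mod_headers LoadModule line, if present.
  sed 's|^[[:space:]]*#[[:space:]]*\(LoadModule[[:space:]][[:space:]]*headers_module[[:space:]][[:space:]]*modules/mod_headers\.so\)|\1|' \
    "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
  # Append each directive only when it is not already in the file.
  # Appending keeps them after the LoadModule line, which mod_headers requires.
  for hdr in Range Request-Range; do
    grep -q "^[[:space:]]*RequestHeader[[:space:]][[:space:]]*unset[[:space:]][[:space:]]*$hdr[[:space:]]*$" "$conf" ||
      printf 'RequestHeader unset %s\n' "$hdr" >> "$conf"
  done
}

# Return 0 when the file carries the complete workaround:
# mod_headers loaded (uncommented) and both headers unset.
check_httpd_conf() {
  conf="$1"
  grep -q '^[[:space:]]*LoadModule[[:space:]][[:space:]]*headers_module[[:space:]][[:space:]]*modules/mod_headers\.so' "$conf" &&
  grep -q '^[[:space:]]*RequestHeader[[:space:]][[:space:]]*unset[[:space:]][[:space:]]*Range[[:space:]]*$' "$conf" &&
  grep -q '^[[:space:]]*RequestHeader[[:space:]][[:space:]]*unset[[:space:]][[:space:]]*Request-Range[[:space:]]*$' "$conf"
}

# Probe a running server with a multi-range request, as the scanner does.
# A server that still honours Range answers 206 Partial Content; once the
# header is stripped it must answer 200 with the full body.
probe_range() {
  url="$1"   # placeholder, e.g. https://ssim.example.invalid/ (assumed)
  curl -sk -o /dev/null -w '%{http_code}' -H 'Range: bytes=0-0,1-1,2-2,3-3' "$url"
}

# Apply to the file named on the command line, if any.
if [ -n "${1:-}" ]; then
  harden_httpd_conf "$1" && check_httpd_conf "$1" && echo "workaround applied to $1"
fi
```

After running the script, validate the syntax before restarting (assumed location of the IBM HTTP Server control script: /opt/Symantec/sesa/httpd/bin/apachectl -t), then `service ibmhttpd restart`. `probe_range` should print 206 before the change and 200 afterwards; a 206 after the restart means the RequestHeader lines are not taking effect, usually because mod_headers is still commented out or the directives landed before the LoadModule line.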

 

 

 

Attachments

mod_headers.so