APACHE WEB SERVER


Introduction

Everyone is under attack. It may be a Fortune 500 or a small corporate, automated attack tools scan the entire IP range and will burst the services with requests that identify weak spots. Even if you are serving an Intranet that is not visible to the general Internet, the possibility that people within your organization bring in Trojan horses when they connect their laptops to your network should be considered.

Web Server Survey

According to the survey conducted by the netcraft.com, a total of 239,611,111 web sites were reported as active till July 2009. Out of which the top, the majority developer shares were Apache with 47.17% and Microsoft with 23.34%. Of the active sites reported, the web sites running on Apache are 51.12% and Microsoft with 23.99%. The market share for the top servers across the Million Busiest sites, the Apache with 66.82% and Microsoft with 18.25%.
The above figures clearly show the majority share in terms of Web sites running on Apache is higher compared to its counterparts.
The following are most observed threats and the problem caused due to the threats and the respective mitigation. The countermeasures are briefed at the bottom for all.

Possible compromise through Apache misconfiguration

The default files and services provide a means for an attacker to bypass authentication methods and gain access to sensitive information and may be with elevated privileges.
 Regular independent configuration assessments.

Compromise through a vulnerability of the application

The functional level of the application may cause problems by selecting the valid and invalid inputs.
 Do not allow read/write access or compiler. 

Possible compromise through unmitigated Apache problems

The unmitigated Apache can cause problems if necessary mitigation steps are not taken.
 Put Apache in jail, implement Kernel patches.

Apache update poses a danger to the bigger threat

The vulnerability referred to as Satisfy directory threat which allows an attacker to compromise access controls.
 Only applies if you have updated to version 2.0.51.

Apache Struts Unspecified Cross-site scripting vulnerability

 Exploited by malicious people to conduct cross-site scripting attacks.
 Filter malicious characters and character sequences in a web proxy.

DoS, buffer overflow flaws in Apache

The flaw could allow attackers to launch denial-of-service against systems running certain versions of Apache Web Server.
 Update with latest patches.

Signals to arbitrary processes

 An attacker can manipulate and cause arbitrary processes to be terminated which could lead to a denial of service.
 Affects to only versions 2.2.4, 2.2.3, 2.2.2, 2.2.0

Apache Tomcat 'Request Dispatcher' Information Disclosure Vulnerability
 

Successful exploitation of this issue will allow attackers to obtain sensitive information that may lead to further attacks.
  Update with latest patches.

Countermeasures

  • The Countermeasures for the above vulnerability issues is to: Keep Apache up-to-date.
  • Activity monitoring
  • Intrusion Detection
  • Have off-site backups and disaster recovery procedures
  • Understand the configuration
  • Disable unnecessary Apache Modules
  •  Remove Default/Unneeded Apache files
  • Authentication Mechanisms
  • Secure admin access


References:
1.http://news.netcraft.com/archives/2009/07/28/july_2009_web_server_survey.html
2.http://httpd.apache.org/security_report.html
3.http://cve.mitre.org/
4.http://httpd.apache.org/security/impact_levels.html
5.http://projects.webappsec.org/Server-Misconfiguration
6.http://www.perpetualseeker.com/2009/03/14/apache-misconfiguration/
7.http://articles.techrepublic.com.com/5100-10878_11-5422585.html
8.http://www.juniper.net/security/auto/vulnerabilities/vuln30494.html
9.http://www.f-secure.com/vulnerabilities/SA200901524
Share on Google Plus

About ceh\

This is a short description in the author block about the author. You edit it by entering text in the "Biographical Info" field in the user admin panel.
    Blogger Comment

0 comments:

Post a Comment