Introduction
Everyone is under attack. It may be a Fortune 500 or a small corporate, automated attack tools scan the entire IP range and will burst the services with requests that identify weak spots. Even if you are serving an Intranet that is not visible to the general Internet, the possibility that people within your organization bring in Trojan horses when they connect their laptops to your network should be considered.
Web Server Survey
According to the survey conducted by the netcraft.com, a total of 239,611,111 web sites were reported as active till July 2009. Out of which the top, the majority developer shares were Apache with 47.17% and Microsoft with 23.34%. Of the active sites reported, the web sites running on Apache are 51.12% and Microsoft with 23.99%. The market share for the top servers across the Million Busiest sites, the Apache with 66.82% and Microsoft with 18.25%.
The above figures clearly show the majority share in terms of Web sites running on Apache is higher compared to its counterparts.
The following are most observed threats and the problem caused due to the threats and the respective mitigation. The countermeasures are briefed at the bottom for all.
Possible compromise through Apache misconfiguration
The default files and services provide a means for an attacker to bypass authentication methods and gain access to sensitive information and may be with elevated privileges.
Regular independent configuration assessments.
Regular independent configuration assessments.
Compromise through a vulnerability of the application
The functional level of the application may cause problems by selecting the valid and invalid inputs.
Do not allow read/write access or compiler.
Do not allow read/write access or compiler.
Possible compromise through unmitigated Apache problems
The unmitigated Apache can cause problems if necessary mitigation steps are not taken.
Put Apache in jail, implement Kernel patches.
Put Apache in jail, implement Kernel patches.
Apache update poses a danger to the bigger threat
The vulnerability referred to as Satisfy directory threat which allows an attacker to compromise access controls.
Only applies if you have updated to version 2.0.51.
Only applies if you have updated to version 2.0.51.
Apache Struts Unspecified Cross-site scripting vulnerability
Exploited by malicious people to conduct cross-site scripting attacks.
Filter malicious characters and character sequences in a web proxy.
DoS, buffer overflow flaws in Apache
The flaw could allow attackers to launch denial-of-service against systems running certain versions of Apache Web Server.
Update with latest patches.
Update with latest patches.
Signals to arbitrary processes
An attacker can manipulate and cause arbitrary processes to be terminated which could lead to a denial of service.
Affects to only versions 2.2.4, 2.2.3, 2.2.2, 2.2.0
Apache Tomcat 'Request Dispatcher' Information Disclosure Vulnerability
Successful exploitation of this issue will allow attackers to obtain sensitive information that may lead to further attacks.
Update with latest patches.
Update with latest patches.
Countermeasures
- The Countermeasures for the above vulnerability issues is to: Keep Apache up-to-date.
- Activity monitoring
- Intrusion Detection
- Have off-site backups and disaster recovery procedures
- Understand the configuration
- Disable unnecessary Apache Modules
- Remove Default/Unneeded Apache files
- Authentication Mechanisms
- Secure admin access
References:
1.http://news.netcraft.com/archives/2009/07/28/july_2009_web_server_survey.html
2.http://httpd.apache.org/security_report.html
3.http://cve.mitre.org/
4.http://httpd.apache.org/security/impact_levels.html
5.http://projects.webappsec.org/Server-Misconfiguration
6.http://www.perpetualseeker.com/2009/03/14/apache-misconfiguration/
7.http://articles.techrepublic.com.com/5100-10878_11-5422585.html
8.http://www.juniper.net/security/auto/vulnerabilities/vuln30494.html
9.http://www.f-secure.com/vulnerabilities/SA200901524
0 comments:
Post a Comment