The Apache Software Foundation has warned of an attack tool in the wild designed to take advantage of a denial-of-service (DoS) vulnerability in the open source Apache HTTPD web server.
Apache developers explained in a security advisory that the vulnerability affects all versions of Apache 1.3 and Apache 2, and promised a fix within 48 hours.
"A DoS vulnerability has been found in the way the multiple overlapping ranges are handled by the Apache HTTPD server," the advisory said.
"An attack tool is circulating in the wild. Active use of this has been observed. The attack can be done remotely and, with a modest number of requests, can cause very significant memory and CPU use on the server."
Apache posted five detailed mitigations pending the release of the full fix.
"Apache HTTPD users who are concerned about a DoS attack against their server should consider implementing any of the above mitigations immediately," the advisory said.
"When using a third-party attack tool to verify the vulnerability [you should] know that most of the versions in the wild currently check for the presence of mod_deflate and will (mis)report that your server is not vulnerable if this module is not present. This vulnerability is not dependent on the presence or absence of that module."
Apache is the most popular web server on the planet, with various estimates putting its share of the market above 60 per cent.
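
For defenders reviewing traffic while waiting for the fix, the "multiple overlapping ranges" the advisory describes can be spotted in the HTTP `Range` request header. The following is an added example, not code from the Apache advisory or one of its five mitigations; the function names, the `MAX_RANGES` threshold and the sample header values in the comments are assumptions made for illustration.

```python
# Added example: flag Range headers carrying many or overlapping byte ranges.
# MAX_RANGES is an assumed threshold, not a value taken from the advisory.
MAX_RANGES = 5


def parse_byte_ranges(header):
    """Parse a Range header value into (first, last) tuples.

    "100-" gives (100, None); a suffix range "-500" gives (None, 500).
    Raises ValueError on anything that is not a well-formed byte range set.
    """
    unit, sep, spec = header.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        raise ValueError("not a byte-range header")
    ranges = []
    for part in (p.strip() for p in spec.split(",")):
        if not part:
            continue
        first, dash, last = part.partition("-")
        if not dash or not (first or last):
            raise ValueError(f"malformed range: {part!r}")
        if any(x and not x.isdigit() for x in (first, last)):
            raise ValueError(f"non-numeric range: {part!r}")
        ranges.append((int(first) if first else None,
                       int(last) if last else None))
    return ranges


def count_overlaps(ranges):
    """Count ranges that begin at or before the end of an earlier range."""
    # Suffix ranges depend on the resource length, so they are skipped here.
    spans = sorted((f, float("inf") if l is None else l)
                   for f, l in ranges if f is not None)
    overlaps, furthest = 0, -1
    for first, last in spans:
        if first <= furthest:
            overlaps += 1
        furthest = max(furthest, last)
    return overlaps


def is_suspicious(header, max_ranges=MAX_RANGES):
    """Assumed policy: malformed, too many ranges, or any overlap is flagged."""
    try:
        ranges = parse_byte_ranges(header)
    except ValueError:
        return True
    return len(ranges) > max_ranges or count_overlaps(ranges) > 0

# Constructed samples: "bytes=0-499" passes; "bytes=0-100,50-150,75-" is flagged.
```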