The Apache Software Foundation has warned of an attack tool in the wild designed to take advantage of a denial-of-service (DoS) vulnerability in the open source Apache HTTPD web server.
Apache developers explained in a security advisory that the vulnerability affects all versions of Apache 1.3 and Apache 2, and promised a fix within 48 hours.
"A DoS vulnerability has been found in the way the multiple overlapping ranges are handled by the Apache HTTPD server," the advisory said.
"An attack tool is circulating in the wild. Active use of this has been observed. The attack can be done remotely and, with a modest number of requests, can cause very significant memory and CPU use on the server."
Apache posted five detailed mitigations pending the release of the full fix.
"Apache HTTPD users who are concerned about a DoS attack against their server should consider implementing any of the above mitigations immediately," the advisory said.
"When using a third-party attack tool to verify the vulnerability [you should] know that most of the versions in the wild currently check for the presence of mod_deflate and will (mis)report that your server is not vulnerable if this module is not present. This vulnerability is not dependent on the presence or absence of that module."
Apache is the most popular web server on the planet, with various estimates putting its share of the market above 60 per cent.