Article ID: 112153, created on Aug 31, 2011, last review on May 9, 2014

  • Applies to:
  • H-Sphere 3.4
  • H-Sphere 3.5


A denial of service vulnerability has been found in the way the multiple
overlapping ranges are handled by the Apache HTTPD server (both versions):
An attack tool is circulating in the wild. Active use of this tools has
been observed.
The attack can be done remotely and with a modest number of requests can
cause very significant memory and CPU usage on the server.
The default Apache HTTPD installation is vulnerable.
There is currently no patch/new version of Apache HTTPD which fixes this
vulnerability. This advisory will be updated when a long term fix
is available.


While the core issue should certianly be addressed within the Apache code itself, in the meantime, Parallels H-Sphere administrators could also use special rules for ModSecurity to mitigate this attack:
1.      Enable the apache_securityor the apache_security2 module for the web servers in the Parallels H-Sphere Control Panel (on the menu path: E.Manager → P.Servers → Physical Server Parameters)
2.      Download the attached shell script into a temporary directory on the web server.
3.      Run this script on the web server:
4.      Reload httpd service:
·         on Linux
/etc/init.d/httpd reload
·         on FreeBSD
/usr/local/etc/rc.d/ restart
5.      Repeat 2 – 4 steps on the each web servers

Related links


f90e90e234d2835301363089f6b828e5 f213b9fa8759d57bee5d547445806fe7 f51a27b0a406fdfb3fcda8033c7f914d 6311ae17c1ee52b36e68aaf4ad066387

Email subscription for changes to this article
Save as PDF