Attack Mitigator IPS 5500 HTTP denial of service

am-ips5500-http-dos (17125) The risk level is classified as MediumMedium Risk

Description:

Top Layer's Attack Mitigator is vulnerable to a denial of service attack in certain configurations, caused by improper handling of a large number of HTTP connections. A remote attacker could exploit this vulnerability by establishing over 2000 HTTP connections to cause the CPU to consume all available system resources.

Note: This vulnerability is exploitable only when the Attack Mitigator IPS 5500 is configured in a network where a high volume of packets pass through the Attack Mitigator IPS 5500 twice, usually in a "onearmed" routing configuration.


Consequences:

Denial of Service

Remedy:

Upgrade to the latest version of Attack Mitigator IPS 5500 software (3.11.014 or later), available from the Top Layer Web site. See references.

References:

  • BugTraq Mailing List, Wed Aug 25 2004 - 11:09:05 CDT : IRM 010: Top Layer Attack Mitigator IPS 5500 Denial of Service.
  • Top Layer Web site: Stop DDoS Attack - SYN Flood Attack Protection.
  • BID-11049: Top Layer Attack Mitigator IPS 5500 Denial Of Service Vulnerability
  • CVE-2004-1749: Attack Mitigator IPS 5500 3.11.008, and possibly other versions, when configured in a one-armed routing configuration, allows remote attackers to cause a denial of service (CPU consumption) via a large number of HTTP requests.
  • SA12390: Top Layer Attack Mitigator IPS 5500 Multiple HTTP Requests Denial of Service

Platforms Affected:

  • Top Layer Attack Mitigator IPS 5500 3.11.008 and prior

Reported:

Aug 25, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page