Earlier this week, a number of news outlets reported on a new major vulnerability on the block. OptionsBleed, dubbed the ‘Son of Heartbleed’, threatens to expose data from servers in a similar sort of way that its fathering virus did a few years back. This time, the vulnerability lies within Apache Web Server, and is triggered by making HTTP Options requests. Hanno Böck, the security researcher who discovered the virus, has found that OptionsBleed is less widespread than Heartbleed, but that doesn’t mean there should be a total lack of concern.
A patch is available from the Apache source code servers, but it’s still unclear whether this will be the best route to take, as Apache are yet to release any formal advice. So what should you do?
- Apply the patch – Whilst Apache hasn’t yet published an formal advisory or an officially-updated Apache version, it’s worthwhile applying the available patch. You’ll have to apply the code changes yourself and rebuild your own updated version of httpd.
- Revisit your .htaccess files – Don’t want to or can’t patch? If you can, visit your .htaccess files and look for settings that aren’t applicable or are mis-spelled, and amend them so they’re not vulnerable.
- Ensure your cyber security is top notch – Now’s a better time than any to make sure you have everything in place to prevent a hack. MidGARD monitors all requests that come through your systems and server, so would be able to instantly spot and respond to any suspicious HTTP requests before any damage was done.
If you’re worried about OptionsBleed or any other cyber threat, get in touch with Falanx today to arrange a MidGARD Proof of Concept for your business.
