Re: Apache crashes on Qualys Scan

[Jeff Trawick <trawick@xxxxxxxxx>]

On Fri, Dec 5, 2014 at 6:07 AM, Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco) <kannanar@xxxxxxxxx> wrote:

Hi Team,

 

While scanning the ports using Qualys  scanner, Apache process is crashing. We can add the corresponding port in the exclude list but in customer scenario is not possible to exclude those ports from scanning. Is there any option is available to recover from this crashing.

 

Apache Details:

--------------------

Server version: Apache/2.2.22 (Win32)

Server built:   Apr 11 2012 12:17:10

 

Can anyone help us on this part to resolve the issue?

 

Thanks,

Kannan Narayanasamy.

 

Find the root cause.  Maybe the scanner is checking for a known vulnerability which causes a crash, and you need to upgrade.

Several procedures that should provide useful information:

1. Use the latest httpd 2.2.x and see if the problem still occurs.

2. Use mod_log_forensic (http://httpd.apache.org/docs/2.2/mod/mod_log_forensic.html) to see which request is triggering the crash, verify that it is the same request for each scan run, then study the configuration and any third party modules that would behave differently for that particular request.

3. Disable all third-party modules and see if the problem is still reproduced.  If not, add them back one by one to see which is the likely culprit.

4. Use debugging tools (a crash dump or running the httpd.exe child process under a debugger while the problem is reproduced).  You'll need .pdb files (debugging symbols) for your httpd for this to be practical.

--

Born in Roswell... married an alien...
http://emptyhammock.com/