Qualys Full Standard Community Scan, Requires Login, not Qualys SSL Labs quick scan, Causes 100% CPU - 2.4.37 & 2.4.38 w/openssl_1.1.1a and 2.4.41 w/openssl-1.1.1c

Qualys:  Scanner Appliance: 64.39.99.243 (Scanner 11.5.21-1, Vulnerability Signatures 2.4.694-2)


Our production Apache httpd 2.4.37 server running with OpenSSL 1.1.1a has been getting hit with Qualys scans like clockwork, and every time our CPU goes to 100%, and after more scans to 200% CPU. After reading the bug reports I upgraded to 2.4.38, which made no difference. I then upgraded to the latest stable version, httpd 2.4.41, and ran with the latest stable OpenSSL v1.1.1c, and get the same issue.


I also tried configuring TLS from TLSv1.2 and TLSv1.3 to only TLSv1.2, and still have 100% CPU after one Qualys community scan.

I also tried to deny service with SSLRequire on the IPs 64.39.103, 64.39.99 and 64.39.111, and also RequireAll, trying combinations, but nothing stops the 100% CPU so far.


The Qualys scan is repeatable and I'm using standard configurations and builds on Red Hat Linux, although an older Red Hat Enterprise Linux Server release 5.11 (Tikanga).

   apr-1.6.5
   expat-2.2.6
   apr-util-1.6.1
   pcre-8.42
   openssl_1.1.1a,   httpd 2.4.37, 2.4.38
   openssl_1.1.1c,   httpd 2.4.41


  ./configure --prefix=/vendor/apache/2.4.41 --with-pcre=/vendor/apache/pcre-8.42 --with-ssl=/vendor/apache/openssl_1.1.1c --with-z=/vendor/apache/zlib-1.2.11 --enable-ssl --enable-shared --enable-deflate --enable-mime --enable-dbd --enable-socache-shmcb --with-apr=/vendor/apache/apr-1.6.5 --with-apr-util=/vendor/apache/apr-util-1.6.1


Tried but failed, trying combinations:

<Directory / >
  Options FollowSymLinks
  AllowOverride None
  <RequireAll>
    Require all denied
    Require not ip 64.39.111
    Require not ip 64.39.103
    Require not ip 64.39.99
  </RequireAll>
</Directory>


Thanks & Regards,

Bob


Bob Hathaway

Advanced Architect

Mphasis | Memphis

robert.hathaway@xxxxxxxxxxx

www.mphasis.com

Mobile: 201-390-7602

Office: 901-263-5805
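As an added example that is not part of the original post, the form of the IP exclusion given in the Apache authorization documentation, beside which the posted block reads inverted: inside RequireAll every directive must succeed, and `Require all denied` never succeeds, so the posted block denies every client rather than only the scanner ranges. The scanner prefixes are the ones quoted in the post; `Require ip` accepts partial dotted addresses.

```apache
# Added example, not the poster's configuration.
# Grants every client except the three scanner prefixes from the post.
# A partial dotted address such as 64.39.99 is a valid "Require ip"
# argument and matches 64.39.99.0/24.
<Directory "/">
    Options FollowSymLinks
    AllowOverride None
    <RequireAll>
        # RequireAll needs every directive to succeed, so the base rule
        # must be a positive grant; "Require all denied" here denies all.
        Require all granted
        Require not ip 64.39.111
        Require not ip 64.39.103
        Require not ip 64.39.99
    </RequireAll>
</Directory>
```

Require directives are evaluated after the TLS handshake has completed and the request has been parsed, so this block turns the scanner's HTTP requests into 403 responses but does not remove the CPU spent completing TLS handshakes with it. Handshake-level load has to be filtered before it reaches httpd, for example at the host firewall.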


