Qualys: Scanner Appliance: 64.39.99.243 (Scanner 11.5.21-1, Vulnerability Signatures 2.4.694-2)
Our production Apache httpd 2.4.37 server running with OpenSSL 1.1.1a has been getting hit with Qualys scans like clockwork, and every time our CPU goes to 100% and, after more scans, to 200% CPU. After reading the bug reports I upgraded to 2.4.38, which made no difference. I then upgraded to the latest stable version, httpd 2.4.41, and ran with the latest stable OpenSSL v1.1.1c and get the same issue. I also tried configuring TLS from TLSv1.2 and TLSv1.3 to only TLSv1.2 and still have 100% CPU after one Qualys Community scan. I also tried to deny service with SSLRequire on the IPs 64.39.103, 64.39.99, 64.39.111 and also RequireAll, trying combinations, but nothing stops the 100% CPU so far.

The Qualys scan is repeatable and I'm using standard configurations and builds on Red Hat Linux, although an older Red Hat Enterprise Linux Server release 5.11 (Tikanga).

Components:
    apr-1.6.5
    expat-2.2.6
    apr-util-1.6.1
    pcre-8.42
    openssl_1.1.1a, httpd 2.4.37, 2.4.38
    openssl_1.1.1c, httpd 2.4.41

Configure line:
    ./configure --prefix=/vendor/apache/2.4.41 --with-pcre=/vendor/apache/pcre-8.42 --with-ssl=/vendor/apache/openssl_1.1.1c --with-z=/vendor/apache/zlib-1.2.11 --enable-ssl --enable-shared --enable-deflate --enable-mime --enable-dbd --enable-socache-shmcb --with-apr=/vendor/apache/apr-1.6.5 --with-apr-util=/vendor/apache/apr-util-1.6.1

Tried but failed, trying combinations:
    <Directory />
        Options FollowSymLinks
        AllowOverride None
        <RequireAll>
            Require all denied
            Require not ip 64.39.111
            Require not ip 64.39.103
            Require not ip 64.39.99
        </RequireAll>
    </Directory>

Thanks & Regards,
Bob

Bob Hathaway
Advanced Architect
Mphasis | Memphis
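As an added example (editor's note, not part of the original post and not Apache project code), here is the shape an httpd 2.4 access-control block takes when the goal is to refuse requests from specific source ranges while still serving everyone else. Inside a `<RequireAll>` container every directive must succeed, so a `Require all denied` line next to negated `Require not ip` lines rejects every client, including legitimate ones; the base rule that the `Require not ip` lines narrow down has to be `Require all granted`. The ranges are the three prefixes quoted in the post, written here in CIDR form; the `<Directory />` scope matches what the post used and is otherwise an assumption.

```apache
# Added example: deny the scanner source ranges named in the post,
# serve all other clients. <RequireAll> succeeds only if every
# directive inside it succeeds, so the base rule must be "granted"
# and the "not ip" rules subtract from it.
<Directory />
    Options FollowSymLinks
    AllowOverride None
    <RequireAll>
        Require all granted
        Require not ip 64.39.99.0/24
        Require not ip 64.39.103.0/24
        Require not ip 64.39.111.0/24
    </RequireAll>
</Directory>
```

One caveat worth checking before expecting this to change the CPU picture: `Require` authorization is evaluated per request, after the TLS handshake has already completed, so any CPU spent by mod_ssl/OpenSSL negotiating the connection is still spent and only the HTTP response becomes a 403. If the handshake itself is what is burning CPU, the block has to happen before httpd sees the connection, at the host or network firewall, where the source ranges can be dropped outright and the scanner never reaches OpenSSL.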