Check Point Response to Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability

Solution ID: sk65222
Severity: High
Product: Mobile Access / SSL VPN, Security Gateway, DLP-1, Endpoint Security Server
Version: R75, R71, NGX R66.1, E80.20, 7.x, R80.10, R80, R75.10
OS: SecurePlatform, Windows, IPSO 6.2
Platform / Model: All
Date Created: 25-Aug-2011
Last Modified: 13-Feb-2013
Symptoms
  • Apache HTTP Server is vulnerable to a denial of service triggered by multiple requests that specify a large number of ranges.
  • For more details, refer to the Apache advisory.
  • The following Check Point products are vulnerable:
    • Security Gateway with SSL VPN/Identity Awareness/DLP Software Blade - R71.10 and later, R75 and later
    • Connectra - R66.1, R66.1n
    • DLP-1 - R75 and later
    • EndPoint Security Server - all versions
    • IPSO platform (Voyager application)
  • To mitigate this threat Check Point released the following solutions:
    • Hotfixes for the vulnerable products.
    • An IPS protection CPAI-2011-402
Solution

Customers of the above products are advised to install the following Hotfixes.

Hotfix for Security Gateway products

  • Hotfix applies to the following versions:
    • Connectra R66.1, R66.1n
    • R71.40, R75.20
      Note: When upgrading from HFA 75.20 (with this hotfix) to R75.30, you need to reinstall this hotfix.
    • DLP-1 R71.20
  • Installation instructions:
    1. Download apacheCVE20113192.sh and copy it to the gateway machine
    2. chmod +x apacheCVE20113192.sh
    3. To install the hotfix run 'apacheCVE20113192.sh install'. On standalone DLP gateway, also run 'cpstop ; cpstart'.
    4. To uninstall the hotfix run 'apacheCVE20113192.sh uninstall'

Note: After the Hotfix for Security Gateway is installed, any manual changes made to the Apache configuration files will be lost if the Hotfix is uninstalled.

To check that the hotfix is applied, confirm that each of the following files contains the string "CVE20113192":

 $CVPNDIR/conf/httpd.conf
 $DLPDIR/portal/apache/conf/httpd.conf
 /opt/CPNacPortal/conf/httpd_nac.conf
 /opt/CPUserCheckPortal/conf/httpd.conf
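
The check described above can be scripted. The following is an added example, not a Check Point script: the function names `check_conf` and `check_hotfix` are hypothetical, and treating a missing file as "product not installed" is an assumption.

```shell
#!/bin/sh
# Added example (not a Check Point script): look for the hotfix marker string
# in the Apache configuration files listed in this article.
MARKER="CVE20113192"

# check_conf FILE: print "patched", "unpatched" or "absent" for one file.
check_conf() {
    if [ ! -f "$1" ]; then
        echo "absent"            # assumption: product not installed here
    elif grep -qF -- "$MARKER" "$1"; then
        echo "patched"
    else
        echo "unpatched"
    fi
}

# check_hotfix [FILE...]: report every file; succeed only if no existing
# file lacks the marker. With no arguments, use the paths from the article.
check_hotfix() {
    if [ "$#" -eq 0 ]; then
        set -- /opt/CPNacPortal/conf/httpd_nac.conf \
               /opt/CPUserCheckPortal/conf/httpd.conf
        # An unset variable would turn the path into /conf/httpd.conf,
        # so add the product-specific files only when the variable is set.
        if [ -n "${DLPDIR:-}" ]; then
            set -- "$DLPDIR/portal/apache/conf/httpd.conf" "$@"
        fi
        if [ -n "${CVPNDIR:-}" ]; then
            set -- "$CVPNDIR/conf/httpd.conf" "$@"
        fi
    fi
    unpatched=0
    for conf in "$@"; do
        state=$(check_conf "$conf")
        printf '%-10s %s\n' "$state" "$conf"
        if [ "$state" = "unpatched" ]; then
            unpatched=$((unpatched + 1))
        fi
    done
    [ "$unpatched" -eq 0 ]
}

# Check the default paths and flag any config that lacks the marker.
check_hotfix || echo "At least one Apache config lacks the $MARKER marker"
```

Run it again after any upgrade, since this article notes that upgrades can require the hotfix to be reinstalled.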

Hotfix for Endpoint Security

   Hotfix applies to Endpoint Security Server R80, R80.10 on Windows (released on September 8, 2011)

    Installation instructions:

  1. If the obsolete hotfix was installed (see above), uninstall it by running 'copy %UEPMDIR%\apache22\conf\httpd.conf.backup %UEPMDIR%\apache22\conf\httpd.conf'
  2. Download EP_R8x_apacheCVE20113192.bat and copy it to the EPS Server machine
  3. To install the hotfix run 'EP_R8x_apacheCVE20113192.bat'
  4. To uninstall the hotfix run 'copy "%UEPMDIR%\apache22\conf\httpd.conf.backup" "%UEPMDIR%\apache22\conf\httpd.conf"' and restart the Apache2.2 service

   Hotfix applies to Endpoint Security Server E80.20 on Windows (released on September 8, 2011)

    Installation instructions:

  1. If the obsolete hotfix was installed (see above), uninstall it by running 'copy %UEPMDIR%\apache22\conf\httpd.conf.backup %UEPMDIR%\apache22\conf\httpd.conf'
  2. Download the file E80.20.zip and copy it to the EPS Server machine
  3. Unzip E80.20.zip which contains the following files:
    • EP_E80.20_apacheCVE20113192.bat
    • mod_cache.so
    • mod_disk_cache.so
    • mod_file_cache.so
    • mod_mem_cache.so
  4. To install the hotfix run 'EP_E80.20_apacheCVE20113192.bat'
  5. To uninstall the hotfix:
    • Stop Apache2.2 Service
    • 'copy %UEPMDIR%\apache22\conf\httpd.conf.backup %UEPMDIR%\apache22\conf\httpd.conf' 
    • 'copy %UEPMDIR%\apache22\modules\mod_cache.so.backup %UEPMDIR%\apache22\modules\mod_cache.so'
    • 'copy %UEPMDIR%\apache22\modules\mod_file_cache.so.backup %UEPMDIR%\apache22\modules\mod_file_cache.so'
    • 'copy %UEPMDIR%\apache22\modules\mod_mem_cache.so.backup %UEPMDIR%\apache22\modules\mod_mem_cache.so'
    • 'copy %UEPMDIR%\apache22\modules\mod_disk_cache.so.backup %UEPMDIR%\apache22\modules\mod_disk_cache.so'
    • Start Apache2.2 Service

 

   Hotfix applies to Endpoint Security Server R7.x on Windows

    Installation instructions:

  1. Download EP_R7x_apacheCVE20113192.bat and copy it to the EPS Server machine 
  2. To install the hotfix run 'EP_R7x_apacheCVE20113192.bat' 
  3. To uninstall the hotfix run 'copy httpd.conf.backup httpd.conf'

   Hotfix applies to Endpoint Security Server R7.x on SecurePlatform

    Installation instructions:

  1. Download EP_R7x_apacheCVE20113192.sh and copy it to the EPS Server machine
  2. chmod +x EP_R7x_apacheCVE20113192.sh
  3. To install the hotfix run 'EP_R7x_apacheCVE20113192.sh install' and 'cpstop ; cpstart'.
  4. To uninstall the hotfix run 'EP_R7x_apacheCVE20113192.sh uninstall'

Note: Upgrading Endpoint Security Server overwrites the Apache configuration file. Therefore, this security fix should be applied again once you have upgraded.

Solution for the IPSO platform

This solution should be applied to all Security Gateway versions on the IPSO platform instead of the gateway hotfix.

   Hotfix for IPSO platform

  • Hotfix applies to the following versions:
    • IPSO 6.2 (any build)
    • IPSO 4.2 MR9 (IPSO-4.2-BUILD111)
  • Hotfix installation instructions for IPSO 6.2:
    1. Download apacheCVE20113192_IPSO6.sh and copy it to the gateway machine
    2. chmod +x apacheCVE20113192_IPSO6.sh
    3. To install the hotfix run 'apacheCVE20113192_IPSO6.sh install'
    4. To uninstall the hotfix run 'apacheCVE20113192_IPSO6.sh uninstall'
  • Hotfix installation instructions for IPSO 4.2 MR9:
    1. Download apacheCVE20113192_IPSO4.sh and copy it to the gateway machine
    2. Download httpd.CVE20113192 to the same directory
    3. chmod +x apacheCVE20113192_IPSO4.sh
    4. To install the hotfix run 'apacheCVE20113192_IPSO4.sh install'.
    5. To uninstall the hotfix run 'apacheCVE20113192_IPSO4.sh uninstall'
