Security Information and Review

Collection of security information and review

Artofdefence Hyperguard Vulnerability

Author : Admin

Hyperguard is a latest-generation enterprise Web application firewall with attack detection and attack protection functions that are freely configurable. Hyperguard enables centralized security monitoring, reporting and alerting and provides custom protection for your Web applications against external attacks. Hyperguard is a software-based web application firewall that is intended to be installed directly on the web server to be protected. It acts as a plugin that integrates into the web server.

 

Hyperguard has a modular design that enables different components to be operated on different servers and therefore work in cluster environments. It is for example possible to protect several web servers using multiple instances of Hyperguard on different machines while all configuration and monitoring can be done on a single master host. Hyperguard is divided into three components.

 

 


1. Web interface for administration purposes. This component is used to monitor and configure all Hyperguard instances.

2. Enforcer plugin. This component runs on every web server or reverse proxy that protects web applications. All HTTP requests and responses are intercepted by the enforcer and forwarded to the decider plugin. Depending on the decision of the decider plugin, the enforcer either blocks, forwards or rewrites the message.

3. Decider plugin. The decider represents the system of rules that is applied to each request processed by the enforcer. The rules can be created or edited using the web interface.

In the course of this project all three components were installed on a single reverse proxy.

 

The Artofdefence Hyperguard Web Application Firewall operates as a reverse proxy module between the clients and the web server to be protected. All HTTP requests are checked before being forwarded to the web server. By sending specially crafted HTTP POST requests, an attacker is able to trigger high memory usage on the WAF. When the request is sent repeatedly, the available memory is exhausted, resulting in a kernel panic and therefore a denial of service.

 

The vulnerability can be triggered by sending HTTP POST requests that set a high "Content-Length" header value but do not transmit any content. Artofdefence Hyperguard is available as a plug-in for several web servers. The vulnerability was confirmed in connection with the Apache web server module. Other modules have not been tested. With 1 GB of free memory available on the WAF, the kernel panic occurred after sending ~350 crafted requests.
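A detection sketch for the pattern described above, as an added example that is not part of the original advisory: it scans Apache access-log lines for POST requests whose declared Content-Length is large but whose body never arrived, and counts them per client. The log format (which needs mod_logio for %I), the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed Apache access-log format (mod_logio must be loaded for %I):
#   LogFormat "%h \"%r\" %>s %{Content-Length}i %I" clcheck
# %I counts every byte received for the request, request line and headers included.
LINE = re.compile(r'^(\S+) "(\S+) \S+ [^"]*" (\d{3}) (\d+|-) (\d+)$')

MIN_DECLARED = 1_000_000  # ignore small declared bodies (assumed threshold)
MIN_HITS = 3              # matching requests per client before alerting (assumed)

def short_body_posts(lines):
    """Yield (client, declared, received) for POSTs whose declared body never arrived."""
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # unparseable line, e.g. a malformed request line
        client, method, _status, declared, received = m.groups()
        if method != "POST" or declared == "-":
            continue  # "-" means the request carried no Content-Length header
        declared, received = int(declared), int(received)
        # received includes headers, so received < declared proves an incomplete body
        if declared >= MIN_DECLARED and received < declared:
            yield client, declared, received

def suspicious_clients(lines):
    """Return {client: count} for clients that repeat the pattern MIN_HITS times or more."""
    hits = Counter(client for client, _, _ in short_body_posts(lines))
    return {client: n for client, n in hits.items() if n >= MIN_HITS}

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 "POST /login HTTP/1.1" 408 2000000000 212',
    '203.0.113.7 "POST /login HTTP/1.1" 408 2000000000 212',
    '198.51.100.20 "POST /upload HTTP/1.1" 200 1500000 1500420',  # complete upload
    '198.51.100.20 "GET /index.html HTTP/1.1" 200 - 180',
    '192.0.2.55 "POST /upload HTTP/1.1" 408 5000000 300',         # one aborted upload
    '203.0.113.7 "POST /search HTTP/1.1" 408 1900000000 230',
]

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE))
```

A single hit is common for aborted uploads, which is why the alert is keyed on repetition per client rather than on one request.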

 

Information about the web application firewall project this advisory originates from can be found at: http://www.h4ck1nb3rg.at/wafs/.

Categories: Web Application Security