IdentiFi Wireless Controller f/w 8.21.06.0006 reporting High CPU Utilization for HTTPD Process

  • Updated 5 years ago
Article ID: 15085 

Products
C20, C25, C4110, C5110, C5210, V2110; firmware 8.11.01.0161 through 8.21.06.0006
IdentiFi (formerly Enterasys, HiPath) Wireless Controller 

Symptoms
Users are unable to connect to the Wireless network.
  -and/or-
Overall client performance issues, such as poor connections, dropped connections, or spotty coverage.
  -and/or-
Controller Web GUI is slow to respond after clicking on a web site. 

Cause
A patch for the vulnerability CVE-2011-3192 broke part of the Apache functionality, causing certain requests to consume all of the HTTPD process's CPU cycles.

Solution
This is fixed as of f/w 8.21.07.0006, with a more complete fix as of f/w 8.21.08.0005. 

Upgrade to firmware 8.21.08.0005 or higher.
Release notes state, in the 'Changes in 8.21.07.0006' section:
wns0009142  Solution to protect against denial of service attack disallows partial gets as explained in Known Issues section.
Release notes state, in the 'Changes in 8.21.08.0005' section: 
wns0009142  Solution to protect against denial of service attack by disabling partial gets as explained in KB.

The accompanying item in the 'Deployment Notes and Known Issues' section: 
Wns0009142 – info
The controller will respond to HTTP requests containing the Range header with a Forbidden (403) error. This is to address current Denial of Service attacks that use the Range header. Range headers are used to download parts of a file through HTTP. They are not useful when dealing with the controller since most of its HTTP-downloadable files are small (e.g. graphics) or have a short lifetime (e.g. logs).
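After upgrading, the documented behaviour can be confirmed with a single request carrying a Range header. The following is an added example, not vendor code: `range_probe`, `classify` and the local stub server are hypothetical names, the stub is a constructed stand-in for a fixed controller, and plain HTTP is assumed (a GUI served over TLS would need `http.client.HTTPSConnection` instead).

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def range_probe(host, port, path="/", timeout=5):
    """Send one GET with a single-byte Range header; return the HTTP status."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Range": "bytes=0-0"})
        resp = conn.getresponse()
        resp.read()  # drain the body so the connection closes cleanly
        return resp.status
    finally:
        conn.close()

def classify(status):
    """Map the probe status to what it says about Range handling."""
    if status == 403:
        return "range-rejected"   # behaviour described in the release notes
    if status == 206:
        return "range-honoured"   # partial GETs are still being served
    if status == 200:
        return "range-ignored"    # full body returned, Range header not acted on
    return "inconclusive"         # e.g. 401, 404 or 416: try another path

class _Stub(BaseHTTPRequestHandler):
    """Constructed stand-in for a fixed controller: 403 on any Range header."""
    def do_GET(self):
        status = 403 if self.headers.get("Range") else 200
        body = b"" if status == 403 else b"ok"
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the demo quiet

def demo():
    """Run the probe against the local stub and return the classification."""
    server = HTTPServer(("127.0.0.1", 0), _Stub)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return classify(range_probe("127.0.0.1", server.server_address[1]))
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

A result of `range-honoured` on a controller in the affected firmware range indicates the upgrade described above has not taken effect.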

FAQ User, Official Rep


Posted 5 years ago
