C20, C25, C4110, C5110, C5210, V2110; firmware 8.11.01.0161 through 8.21.06.0006
IdentiFi (formerly Enterasys, HiPath) Wireless Controller
Users are unable to connect to the Wireless network.
Overall client performance issues, such as poor connections, dropped connections, or spotty coverage.
Controller Web GUI is slow to respond after clicking on a web site.
A patch update for a vulnerability (CVE-2011-3192) broke a section of the Apache functionality, causing certain requests to use all of the HTTPD CPU cycles.
This is fixed as of f/w 8.21.07.0006, with a more complete fix as of f/w 8.21.08.0005.
Upgrade to firmware 8.21.08.0005 or higher.
Release notes state, in the 'Changes in 8.21.07.0006' section:
Solution to protect against denial of service attack disallows partial gets as explained in Known Issues section.
Release notes state, in the 'Changes in 8.21.08.0005' section:
Solution to protect against denial of service attack by disabling partial gets as explained in KB.
The accompanying item in the 'Deployment Notes and Known Issues' section:
Wns0009142 – info
The controller will respond to HTTP requests containing the Range header with a Forbidden (403) error. This is to address current Denial of Service attacks that use the Range header. Range headers are used to download parts of a file through HTTP. They are not useful when dealing with the controller since most of its HTTP-downloadable files are small (e.g. graphics) or have a short lifetime (e.g. logs).
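A post-upgrade check for the behaviour described above, as an added example that is not from the release notes or the vendor: it requests the same path once without and once with a single one-byte Range header and reports whether the controller answers the Range request with 403. The function names, the default port 443 and the default path `/` are assumptions; pass the port and a path that your controller's web GUI actually serves.

```python
import http.client
import sys


def fetch_status(host, port, path, headers, tls=True, context=None, timeout=5):
    """Issue one GET on a fresh connection and return the HTTP status code."""
    if tls:
        conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=context)
    else:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path, headers=headers)
        resp = conn.getresponse()
        resp.read()  # drain the body so the socket closes cleanly
        return resp.status
    finally:
        conn.close()


def probe_range(host, port=443, path="/", tls=True, context=None):
    """Return (status without Range, status with one single-byte Range)."""
    plain = fetch_status(host, port, path, {}, tls, context)
    ranged = fetch_status(host, port, path, {"Range": "bytes=0-0"}, tls, context)
    return plain, ranged


def classify(plain, ranged):
    """Map the two status codes to the behaviour they indicate."""
    if ranged == 206:
        return "range-honored"      # partial GETs are still served
    if ranged == 403 and plain != 403:
        return "range-blocked"      # behaviour the release notes describe
    if ranged == 200 and plain == 200:
        return "range-ignored"      # header accepted but not acted on
    return "inconclusive"           # e.g. the path is forbidden regardless


if __name__ == "__main__":
    # Usage: python check_range.py <controller-host> [port] [path]
    # Port 443 and path "/" are assumed defaults, not values from the KB.
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    path = sys.argv[3] if len(sys.argv) > 3 else "/"
    plain, ranged = probe_range(host, port, path)
    print(f"{host}:{port}{path} plain={plain} range={ranged} -> {classify(plain, ranged)}")
```

If the controller presents a certificate your system does not trust, pass an `ssl.SSLContext` loaded with that certificate as `context`.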