topic IdentiFi Wireless Controller f/w 8.21.06.0006 reporting High CPU Utilization for HTTPD Process in FAQs https://community.extremenetworks.com/t5/faqs/identifi-wireless-controller-f-w-8-21-06-0006-reporting-high-cpu/m-p/46466#M397 Article ID: 15085 <BR /> <BR /> <B>Products</B><BR /> C20, C25, C4110, C5110, C5210, V2110; firmware 8.11.01.0161 through 8.21.06.0006<BR /> IdentiFi (formerly Enterasys, HiPath) Wireless Controller <BR /> <BR /> <B>Symptoms</B><BR /> Users are unable to connect to the Wireless network.<BR /> -and/or-<BR /> Overall client performance issues, such as poor connections, dropped connections, or spotty coverage.<BR /> -and/or-<BR /> Controller Web GUI is slow to respond after clicking on a web site. <BR /> <BR /> <B>Cause</B><BR /> A vulnerability (<A href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3192" target="_blank" rel="nofollow noreferrer noopener">CVE-2011-3192</A>) patch update has broken a section of the Apache functionality, causing certain requests to use all of the HTTPD CPU cycles. <BR /> <BR /> <B>Solution</B><BR /> This is fixed as of f/w 8.21.07.0006, with a more complete fix as of f/w 8.21.08.0005. <BR /> <BR /> Upgrade to firmware 8.21.08.0005 or higher.<BR /> <A href="https://extranet.enterasys.com/downloads/Pages/WirelessControllers.aspx" target="_blank" rel="nofollow noreferrer noopener">Release notes</A> state, in the 'Changes in 8.21.07.0006' section:<BR /> <DIV class="threadCode"><B>code:</B><PRE spellcheck="false">wns0009142</PRE></DIV> <DIV class="threadCode"><B>code:</B><PRE spellcheck="false">Solution to protect against denial of service attack disallows partial gets as explained in Known Issues section.</PRE></DIV><BR /> Release notes state, in the 'Changes in 8.21.08.0005' section: <BR /> <DIV class="threadCode"><B>code:</B><PRE spellcheck="false">wns0009142</PRE></DIV> <DIV class="threadCode"><B>code:</B><PRE spellcheck="false">Solution to protect against denial of service attack by disabling partial gets as explained in KB.</PRE></DIV><BR /> <BR /> The accompanying item in the 'Deployment Notes and Known Issues' section: <BR /> <B></B><PRE><B>Wns0009142 – info</B></PRE><BR /> <DIV class="threadCode"><B>code:</B><PRE spellcheck="false">The controller will respond to HTTP requests containing the Range header with a Forbidden (403) error. This is to address current Denial of Service attacks that use the Range header. Range headers are used to download parts of a file through HTTP. They are not useful when dealing with the controller since most of its HTTP-downloadable files are small (e.g. graphics) or have a short lifetime (e.g. logs).</PRE></DIV> Sat, 09 Nov 2013 06:43:00 GMT FAQ_User 2013-11-09T06:43:00Z IdentiFi Wireless Controller f/w 8.21.06.0006 reporting High CPU Utilization for HTTPD Process https://community.extremenetworks.com/t5/faqs/identifi-wireless-controller-f-w-8-21-06-0006-reporting-high-cpu/m-p/46466#M397 Article ID: 15085 <BR /> <BR /> <B>Products</B><BR /> C20, C25, C4110, C5110, C5210, V2110; firmware 8.11.01.0161 through 8.21.06.0006<BR /> IdentiFi (formerly Enterasys, HiPath) Wireless Controller <BR /> <BR /> <B>Symptoms</B><BR /> Users are unable to connect to the Wireless network.<BR /> -and/or-<BR /> Overall client performance issues, such as poor connections, dropped connections, or spotty coverage.<BR /> -and/or-<BR /> Controller Web GUI is slow to respond after clicking on a web site. <BR /> <BR /> <B>Cause</B><BR /> A vulnerability (<A href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3192" target="_blank" rel="nofollow noreferrer noopener">CVE-2011-3192</A>) patch update has broken a section of the Apache functionality, causing certain requests to use all of the HTTPD CPU cycles. <BR /> <BR /> <B>Solution</B><BR /> This is fixed as of f/w 8.21.07.0006, with a more complete fix as of f/w 8.21.08.0005. <BR /> <BR /> Upgrade to firmware 8.21.08.0005 or higher.<BR /> <A href="https://extranet.enterasys.com/downloads/Pages/WirelessControllers.aspx" target="_blank" rel="nofollow noreferrer noopener">Release notes</A> state, in the 'Changes in 8.21.07.0006' section:<BR /> <DIV class="threadCode"><B>code:</B><PRE spellcheck="false">wns0009142</PRE></DIV> <DIV class="threadCode"><B>code:</B><PRE spellcheck="false">Solution to protect against denial of service attack disallows partial gets as explained in Known Issues section.</PRE></DIV><BR /> Release notes state, in the 'Changes in 8.21.08.0005' section: <BR /> <DIV class="threadCode"><B>code:</B><PRE spellcheck="false">wns0009142</PRE></DIV> <DIV class="threadCode"><B>code:</B><PRE spellcheck="false">Solution to protect against denial of service attack by disabling partial gets as explained in KB.</PRE></DIV><BR /> <BR /> The accompanying item in the 'Deployment Notes and Known Issues' section: <BR /> <B></B><PRE><B>Wns0009142 – info</B></PRE><BR /> <DIV class="threadCode"><B>code:</B><PRE spellcheck="false">The controller will respond to HTTP requests containing the Range header with a Forbidden (403) error. This is to address current Denial of Service attacks that use the Range header. Range headers are used to download parts of a file through HTTP. They are not useful when dealing with the controller since most of its HTTP-downloadable files are small (e.g. graphics) or have a short lifetime (e.g. logs).</PRE></DIV> Sat, 09 Nov 2013 06:43:00 GMT https://community.extremenetworks.com/t5/faqs/identifi-wireless-controller-f-w-8-21-06-0006-reporting-high-cpu/m-p/46466#M397 FAQ_User 2013-11-09T06:43:00Z