Article ID: 15085
Products
C20, C25, C4110, C5110, C5210, V2110; firmware 8.11.01.0161 through 8.21.06.0006
IdentiFi (formerly Enterasys, HiPath) Wireless Controller
Symptoms
Users are unable to connect to the Wireless network.
-and/or-
Overall client performance issues, such as poor connections, dropped connections, or spotty coverage.
-and/or-
Controller Web GUI is slow to respond after clicking on a web site.
Cause
A vulnerability (CVE-2011-3192) patch update has broken a section of the Apache functionality, causing certain requests to use all of the HTTPD CPU cycles.
Solution
This is fixed as of f/w 8.21.07.0006, with a more complete fix as of f/w 8.21.08.0005.
Upgrade to firmware 8.21.08.0005 or higher.
Release notes state, in the 'Changes in 8.21.07.0006' section:
"Solution to protect against denial of service attack disallows partial gets as explained in Known Issues section."
Release notes state, in the 'Changes in 8.21.08.0005' section:
"Solution to protect against denial of service attack by disabling partial gets as explained in KB."
The accompanying item in the 'Deployment Notes and Known Issues' section:
Wns0009142 – info
"The controller will respond to HTTP requests containing the Range header with a Forbidden (403) error. This is to address current Denial of Service attacks that use the Range header. Range headers are used to download parts of a file through HTTP. They are not useful when dealing with the controller since most of its HTTP-downloadable files are small (e.g. graphics) or have a short lifetime (e.g. logs)."
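One way to confirm after an upgrade that Range requests are refused as the known-issue note describes. This is an added example, not vendor code: it sends a single GET with a one-byte Range header and classifies the status code. The function names, the plain-HTTP transport and the local stub server are assumptions made so the check runs offline; for a controller served over TLS, substitute http.client.HTTPSConnection.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def check_range_handling(host, port, path="/", timeout=5):
    """Send one GET with a single-byte Range header and classify the reply."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Range": "bytes=0-0"})
        resp = conn.getresponse()
        resp.read()
        status = resp.status
    finally:
        conn.close()
    if status == 403:
        return status, "range-rejected"   # behaviour documented in Wns0009142
    if status == 206:
        return status, "range-honoured"   # partial GETs are still served
    return status, "other"                # e.g. 200: Range header ignored

class StubHandler(BaseHTTPRequestHandler):
    """Constructed local stand-in for testing; not controller code."""
    reject_range = True

    def do_GET(self):
        body = b"stub-body"
        status = 200
        if "Range" in self.headers:
            status = 403 if self.reject_range else 206
            body = b"" if self.reject_range else body[:1]
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the demo quiet

def run_against_stub(reject_range):
    handler = type("Handler", (StubHandler,), {"reject_range": reject_range})
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return check_range_handling("127.0.0.1", server.server_address[1])
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_against_stub(True), run_against_stub(False))
```

A "range-rejected" result matches the release-note behaviour; any other result on upgraded firmware means the Range restriction is not in effect on the path tested.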