Slow HTTP Headers Vulnerability

If a Qualys Web Application Scanning (WAS) report for the Oracle Fusion integration layer flags the finding below, follow the steps in the Solution section.

ID and Name

150079: Slow HTTP Headers

Threat

The web application is possibly vulnerable to a “slow HTTP headers” Denial of Service (DoS) attack. This is an application-level DoS that occurs when an attacker holds server connections open by sending partial HTTP requests and continues to send subsequent headers at some interval to prevent the server from closing sockets. In this way, the web server becomes unavailable because the number of available sockets decreases and memory usage may increase, especially if the server allocates a thread per connection. One of the reasons for this behaviour is that some servers have “no data” timers that reset each time a byte arrives at the socket, but the server does not enforce an overall time limit for a connection. For example, the attacker sends the data for its request one byte at a time over several minutes rather than following the expected behaviour of transmitting a complete request of several hundred bytes in a single packet. This enables the attacker to prolong the connection virtually forever.

Impact

All other services remain intact but the web server itself becomes completely inaccessible.

Solution

  1. Log in to the Fusion WebLogic Administration Console with the weblogic credentials
  2. In the Change Center, click Lock & Edit
  3. Under Environment, click Servers
  4. Click AdminServer
  5. Open the Protocols tab
  6. Open the HTTP sub-tab
  7. Set Max Post Size to 10480 and HTTP Max Message Size to 10480000 (both in bytes; see the note below for sizing)
  8. Click Save, then click Activate Changes in the Change Center so the new values take effect (Release Configuration only drops the edit lock)

NOTE: Both values are in bytes. Max Post Size caps the body of a single POST and HTTP Max Message Size caps a single HTTP message, so size them to the largest POST body and message the integration layer legitimately sends or receives; values that are too small will reject valid requests. These limits bound how many bytes a request may carry, not how long a client may take to send them. The threat text above attributes the weakness to the lack of an overall time limit per connection, so also confirm that Complete Message Timeout (Servers > AdminServer > Protocols > General; the default is 60 seconds) is set to a bounded value that suits your traffic, then re-scan to confirm the finding is cleared.
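The threat text describes the weak pattern exactly: a "no data" timer that is reset by every byte, with no overall limit per connection. The Python script below is an added example for this page, not Qualys or Oracle/WebLogic code; all function names and timings are assumptions chosen for the demonstration. It runs a drip-feed attacker against an in-process header reader over a socket pair, once with only an idle timer (the attacker holds the socket for as long as it likes) and once with an overall deadline (the connection is dropped at the deadline however steadily bytes trickle in). The same attacker routine doubles as a probe, probe_slow_headers, that you can point at your own listener after changing the WebLogic settings to confirm it now closes a half-sent request within its configured timeout.

```python
"""Slow HTTP headers: idle-reset timer versus an overall deadline.

Added example, not part of the original page, Qualys or WebLogic.
"""
import socket
import threading
import time


def read_request_headers(conn, idle_timeout, total_timeout=None):
    """Server side: read the request line and headers up to the blank line.

    idle_timeout  - the "no data" timer from the threat text: seconds to wait
                    for the next byte, reset every time a byte arrives.
    total_timeout - optional overall deadline for the whole header block,
                    the limit a slow-headers attacker relies on being absent.
    Returns (bytes_read, reason); reason is one of
    'complete', 'idle_timeout', 'total_timeout', 'closed'.
    """
    deadline = None if total_timeout is None else time.monotonic() + total_timeout
    buf = b""
    while b"\r\n\r\n" not in buf:
        wait = idle_timeout
        if deadline is not None:
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                return buf, "total_timeout"
            wait = min(wait, remaining)
        conn.settimeout(wait)
        try:
            chunk = conn.recv(4096)
        except socket.timeout:
            if deadline is not None and time.monotonic() >= deadline:
                return buf, "total_timeout"
            return buf, "idle_timeout"
        if not chunk:
            return buf, "closed"
        buf += chunk
    return buf, "complete"


def drip_headers(sock, interval, max_seconds):
    """Attacker/probe side: send a valid request line, then one more header
    every `interval` seconds and never the terminating blank line.

    Returns the seconds until the peer gave up on the request (closed the
    socket or answered, e.g. with 408), or None if it was still waiting after
    max_seconds, i.e. no overall limit is being enforced.
    """
    start = time.monotonic()
    sock.settimeout(interval)
    pending = b"GET / HTTP/1.1\r\nHost: target\r\n"   # assumed Host value
    n = 0
    while time.monotonic() - start < max_seconds:
        try:
            sock.sendall(pending)
            sock.recv(1024)          # waits `interval` for EOF or a response
        except socket.timeout:
            pass                     # silent and still open: keep dripping
        except OSError:
            return time.monotonic() - start   # reset/broken pipe: peer closed
        else:
            return time.monotonic() - start   # EOF (b"") or an error response
        n += 1
        pending = b"X-a: %d\r\n" % n
    return None


def simulate(idle_timeout, total_timeout, interval=0.05, attack_seconds=1.5):
    """Run drip_headers against read_request_headers over a socketpair (no
    network). Returns (server_reason, seconds_held_or_None)."""
    server_sock, client_sock = socket.socketpair()
    outcome = {}

    def serve():
        _, outcome["reason"] = read_request_headers(server_sock, idle_timeout, total_timeout)
        server_sock.close()          # request abandoned: drop the connection

    worker = threading.Thread(target=serve, daemon=True)
    worker.start()
    held = drip_headers(client_sock, interval, attack_seconds)
    client_sock.close()
    worker.join()
    return outcome["reason"], held


def probe_slow_headers(host, port, interval=10.0, max_seconds=300.0):
    """Check a real listener you are authorised to test (e.g. the WebLogic
    HTTP port after changing its timeouts). None means the server was still
    holding the half-sent request open after max_seconds."""
    with socket.create_connection((host, port), timeout=interval) as sock:
        return drip_headers(sock, interval, max_seconds)


if __name__ == "__main__":
    # Idle timer only: the attacker keeps the socket for as long as it drips.
    print("idle timer only :", simulate(idle_timeout=0.5, total_timeout=None))
    # Overall deadline: dropped at the deadline regardless of the drip rate.
    print("overall deadline:", simulate(idle_timeout=0.5, total_timeout=0.6))
```

Against a real server, pick an interval shorter than its idle timer (a few seconds is typical) and a max_seconds comfortably above the overall timeout you configured; a numeric result near that timeout means the limit is enforced, while None means the server is still holding the connection and the finding will reappear on the next scan. Only probe listeners you are authorised to test.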

Reference: the Threat and Impact text above is quoted verbatim from the Qualys WAS report.
