VDB
CVE-2007-0086
CVE-2007-0086
PUBLISHED
CVSS 7.800000190734863 HIGH
The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal
EPSS 2.44% · 85.5th percentile
Risk Scores
CVSS 2.0
7.800000190734863
EPSS Score
2.44%
85.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| apache | http_server |
Exploit Intelligence
- Out-of-date Version (Apache) (hackerone)
- Out-of-date Version (Apache) (hackerone)
- Out-of-date Version (Apache) (hackerone)
- 33456 (circl)
- 20070104 Re: a cheesy Apache / IIS DoS vuln (+a question) (circl)
- 20070104 Re: a cheesy Apache / IIS DoS vuln (+a question) (circl)
- 20070103 a cheesy Apache / IIS DoS vuln (+a question) (circl)
- 20070104 Re: a cheesy Apache / IIS DoS vuln (+a question) (circl)
Timeline
- CVE Published
- Dec 2, 2019 PoC Published
- Feb 4, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
- Feb 13, 2024 EPSS Score
- Apr 5, 2024 EPSS Score
References
- 33456 vdb
- 20070104 Re: a cheesy Apache / IIS DoS vuln (+a question) mailing-list
- 20070104 Re: a cheesy Apache / IIS DoS vuln (+a question) mailing-list
- 20070103 a cheesy Apache / IIS DoS vuln (+a question) mailing-list
- 20070104 Re: a cheesy Apache / IIS DoS vuln (+a question) mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2007-0086 advisory