VDB
CVE-2007-6750
PUBLISHED
CVSS 8.7 HIGH
The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
EPSS 81.73% · 99.2th percentile
Risk Scores
CVSS 4.0
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
81.73%
99.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| apache | http_server | 0, 1.0, 1.0.2 |
Exploit Intelligence
- solving TOR vulnerability, in other to make bruteforce difficult (hackerone)
- Tests a web server for vulnerability to the Slowloris DoS attack without actually launching a DoS attack. Slowloris was described at Defcon 17 by RSnake (see http://ha.ckers.org/slowloris/). This script opens two connections to the server, each without the final CRLF. After 10 seconds, second connection sends additional header. Both connections then wait for server timeout. If second connection gets a timeout 10 or more seconds after the first one, we can conclude that sending additional head... (nmap-nse)
…and 618 more exploits
Timeline
- CVE Published
- Aug 24, 2012 PoC Published
- Mar 18, 2015 PoC Published
- Jul 9, 2015 PoC Published
- Aug 28, 2015 PoC Published
- Sep 6, 2015 PoC Published
- Nov 26, 2015 PoC Published
- Jan 8, 2016 PoC Published
- Mar 15, 2016 PoC Published
- Mar 21, 2016 PoC Published
- Jun 20, 2016 PoC Published
- Nov 9, 2016 PoC Published
References
- https://support.apple.com/en-us/HT207604 advisory
- https://support.apple.com/en-us/HT207607 advisory
- https://support.apple.com/en-us/HT207615 advisory
- https://support.apple.com/en-us/HT207602 advisory
- https://support.apple.com/en-us/HT207600 advisory
- https://support.apple.com/en-us/HT207595 advisory
- https://support.apple.com/en-us/HT207601 advisory
- https://support.apple.com/en-us/HT207617 advisory
- http://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html advisory
- https://fortiguard.com/psirt/FG-IR-19-013 advisory
- http://www.xerox.com/download/security/security-bulletin/10be6-4f72fbafb1868/cert_XRX14-002_v1.0.pdf advisory
- https://nvd.nist.gov/vuln/detail/CVE-2007-6750 advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72345 url
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017 url
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380 url
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19481 url
- http://archives.neohapsis.com/archives/bugtraq/2007-01/0229.html url
- http://ha.ckers.org/slowloris url
- http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html url
- http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html url
…and 4 more