VDB
DEBIAN-CVE-2007-0086
DEBIAN-CVE-2007-0086
PUBLISHED
CVSS 8.699999809265137 HIGH
The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal
Risk Scores
CVSS v4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | apache2 | *, 2.4.54-1, 2.4.54-1 |
| Debian:12 | apache2 | 2.4.57-2, 2.4.66-8, * |
| Debian:14 | apache2 | 2.4.66-1, 0, 2.4.65-2 |
| Debian:13 | apache2 | 0, 2.4.66-8, * |
Timeline
- Jan 5, 2007 CVE Published
- Apr 28, 2026 CVE Updated