CVE-2007-6750 — Apache Http Server vulnerability

CWE-39911 documents10 sources

Severity

5.0MEDIUMNVD

EPSS

81.7%

top 0.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server

Timeline

PublishedDec 27

Latest updateNov 28

Description

The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/http_server2.2.14+114

🔴Vulnerability Details

GHSA

GHSA-fx24-j44g-7fh6: The Apache HTTP Server 1↗2022-05-01

▶

CVEList

CVE-2007-6750: The Apache HTTP Server 1↗2011-12-27

▶

OSV

CVE-2007-6750: The Apache HTTP Server 1↗2011-12-27

▶

📋Vendor Advisories

Apple

CVE-2007-6750: macOS Server 5.3↗2017-03-27

▶

Red Hat

httpd: Apache Slowloris denial of service↗2009-06-17

▶

Debian

CVE-2007-6750: apache2 - The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of ...↗2007

▶

📄Research Papers

CTF

LazyAdmin / README↗

▶

💬Community

HackerOne

solving TOR vulnerability, in other to make bruteforce difficult↗2023-11-28

▶

Bugzilla

CVE-2012-5568 tomcat: Slowloris denial of service↗2012-11-26

▶

Bugzilla

CVE-2007-6750 httpd: Apache Slowloris denial of service↗2009-06-26

▶