CVE-2007-6750 - Resource Management Errors vulnerability in Apache Http Server
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | PARTIAL |
Summary
The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Metasploit
description | Slowloris tries to keep many connections to the target web server open and hold them open as long as possible. It accomplishes this by opening connections to the target web server and sending a partial request. Periodically, it will send subsequent HTTP headers, adding to, but never completing, the request. Affected servers will keep these connections open, filling their maximum concurrent connection pool, eventually denying additional connection attempts from clients. |
id | MSF:AUXILIARY/DOS/HTTP/SLOWLORIS |
last seen | 2020-05-26 |
modified | 2018-08-28 |
published | 2017-11-21 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/http/slowloris.py |
title | Slowloris Denial of Service Attack |
Nessus
NASL family | MacOS X Local Security Checks |
NASL id | MACOS_SERVER_5_3.NASL |
description | The version of macOS Server (formerly known as Mac OS X Server) installed on the remote host is prior to 5.3. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists in the Apache HTTP server when handling a saturation of partial HTTP requests. An unauthenticated, remote attacker can exploit this to crash the daemon. (CVE-2007-6750) - A denial of service vulnerability exists in Action Pack in Ruby on Rails due to improper restrictions on the use of the MIME type cache when handling specially crafted HTTP accept headers. An unauthenticated, remote attacker can exploit this to cause the cache to grow indefinitely. (CVE-2016-0751) - An information disclosure vulnerability exists in the Wiki Server component due to improper checking of unspecified permissions. An unauthenticated, remote can exploit this to enumerate users. (CVE-2017-2382) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 99128 |
published | 2017-03-31 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/99128 |
title | macOS : macOS Server < 5.3 Multiple Vulnerabilities |

NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-201309-12.NASL |
description | The remote host is affected by the vulnerability described in GLSA-201309-12 (Apache HTTP Server: Multiple vulnerabilities) Multiple vulnerabilities have been found in Apache HTTP Server. Please review the CVE identifiers and research paper referenced below for details. Impact : A remote attacker could send a specially crafted request to possibly execute arbitrary code, cause Denial of Service, or obtain sensitive information. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 70085 |
published | 2013-09-24 |
reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/70085 |
title | GLSA-201309-12 : Apache HTTP Server: Multiple vulnerabilities |

NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2012-132.NASL |
description | - httpd-2.2.x-bnc743743-CVE-2012-0053-server_protocol_c-cookie_exposure.diff addresses CVE-2012-0053: error responses can expose cookies when no custom 400 error code ErrorDocument is configured. [bnc#743743] - httpd-2.2.x-bnc741243-CVE-2012-0031-scoreboard_handling.diff: scoreboard corruption (shared mem segment) by child causes crash of privileged parent (invalid free()) during shutdown. This is rated low impact. Notice: https://svn.apache.org/viewvc?view=revision&revision=1230065 makes a change to the struct global_score, which causes binary incompatibility. The change in above patch only goes as far as the binary compatibility allows; the vulnerability is completely fixed, though. CVE-2012-0031 [bnc#741243] - /etc/init.d/apache2: new argument |
last seen | 2020-06-05 |
modified | 2014-06-13 |
plugin id | 74555 |
published | 2014-06-13 |
reporter | This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/74555 |
title | openSUSE Security Update : apache2 (openSUSE-2012-132) |

NASL family | F5 Networks Local Security Checks |
NASL id | F5_BIGIP_SOL12636.NASL |
description | The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15. (CVE-2007-6750) Impact The Slowloris attack is a type of denial-of-service (DoS) attack that targets threaded web servers. It attempts to monopolize all of the available request handling threads on the web server by sending HTTP requests that never complete. Because each request consumes a thread, the Slowloris attack eventually consumes all of the web server |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 97419 |
published | 2017-02-28 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/97419 |
title | F5 Networks BIG-IP : Slowloris denial-of-service attack vulnerability (K12636) |

NASL family | Web Servers |
NASL id | APACHE_2_2_15.NASL |
description | According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.15. It is, therefore, potentially affected by multiple vulnerabilities : - A TLS renegotiation prefix injection attack is possible. (CVE-2009-3555) - The |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 45004 |
published | 2010-10-20 |
reporter | This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/45004 |
title | Apache 2.2.x < 2.2.15 Multiple Vulnerabilities |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_APACHE2-201202-120203.NASL |
description | This update of apache2 and libapr1 fixes regressions and several security problems. - Fixed a scoreboard corruption (shared mem segment) by child causes crash of privileged parent (invalid free()) during shutdown. (CVE-2012-0031) - Fixed an issue in error responses that could expose |
last seen | 2020-06-05 |
modified | 2012-02-20 |
plugin id | 58030 |
published | 2012-02-20 |
reporter | This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/58030 |
title | SuSE 11.1 Security Update : Apache2 (SAT Patch Number 5760) |

NASL family | Web Servers |
NASL id | HPSMH_7_5_5.NASL |
description | According to its banner, the version of HP System Management Homepage (SMH) hosted on the remote web server is affected by the following vulnerabilities : - A denial of service vulnerability exists in the Apache HTTP Server due to the lack of the mod_reqtimeout module. An unauthenticated, remote attacker can exploit this, via a saturation of partial HTTP requests, to cause a daemon outage. (CVE-2007-6750) - A cross-site scripting (XSS) vulnerability exists in jQuery when using location.hash to select elements. An unauthenticated, remote attacker can exploit this, via a specially crafted tag, to inject arbitrary script code or HTML into the user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 91222 |
published | 2016-05-18 |
reporter | This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/91222 |
title | HP System Management Homepage Multiple Vulnerabilities (HPSBMU03593) |

NASL family | Misc. |
NASL id | IBM_STORWIZE_1_5_0_2.NASL |
description | The remote IBM Storwize device is running a version that is 1.3.x prior to 1.4.3.4 or 1.5.x prior to 1.5.0.2. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists due to a flaw in the bundled version of Apache HTTP Server. A remote attacker can exploit this, via partial HTTP requests, to cause a daemon outage, resulting in a denial of service condition. (CVE-2007-6750) - An HTTP request smuggling vulnerability exists due to a flaw in the bundled version of Apache Tomcat; when an HTTP connector or AJP connector is used, Tomcat fails to properly handle certain inconsistent HTTP request headers. A remote attacker can exploit this flaw, via multiple Content-Length headers or a Content-Length header and a |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 84401 |
published | 2015-06-26 |
reporter | This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/84401 |
title | IBM Storwize 1.3.x < 1.4.3.4 / 1.5.x < 1.5.0.2 Multiple Vulnerabilities |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_APACHE2-201202-7972.NASL |
description | This update of apache fixes regressions and several security problems : - Fixed a scoreboard corruption (shared mem segment) by child causes crash of privileged parent (invalid free()) during shutdown. (bnc#741243, CVE-2012-0031) - Fixed an issue in error responses that could expose |
last seen | 2020-06-05 |
modified | 2012-02-29 |
plugin id | 58166 |
published | 2012-02-29 |
reporter | This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/58166 |
title | SuSE 10 Security Update : Apache2 (ZYPP Patch Number 7972) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_SU-2013-0469-1.NASL |
description | This Apache2 LTSS roll-up update for SUSE Linux Enterprise 10 SP3 LTSS fixes the following security issues and bugs : - CVE-2012-4557: Denial of Service via special requests in mod_proxy_ajp - CVE-2012-0883: improper LD_LIBRARY_PATH handling - CVE-2012-2687: filename escaping problem - CVE-2012-0031: Fixed a scoreboard corruption (shared mem segment) by child causes crash of privileged parent (invalid free()) during shutdown. - CVE-2012-0053: Fixed an issue in error responses that could expose |
last seen | 2020-06-05 |
modified | 2015-05-20 |
plugin id | 83578 |
published | 2015-05-20 |
reporter | This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/83578 |
title | SUSE SLES10 Security Update : apache2 (SUSE-SU-2013:0469-1) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_4_APACHE2-201202-120216.NASL |
description | This update of apache2 fixes regressions and several security problems : bnc#728876, fix graceful reload bnc#741243, CVE-2012-0031: Fixed a scoreboard corruption (shared mem segment) by child causes crash of privileged parent (invalid free()) during shutdown. bnc#743743, CVE-2012-0053: Fixed an issue in error responses that could expose |
last seen | 2020-06-05 |
modified | 2014-06-13 |
plugin id | 75789 |
published | 2014-06-13 |
reporter | This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/75789 |
title | openSUSE Security Update : apache2-201202 (openSUSE-SU-2012:0314-1) |
Oval
accepted | 2015-04-20T04:01:21.779-04:00 |
class | vulnerability |
contributors | |
description | The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15. |
family | unix |
id | oval:org.mitre.oval:def:19481 |
status | accepted |
submitted | 2013-11-22T11:43:28.000-05:00 |
title | HP-UX Running Apache, Remote Denial of Service (DoS), Execution of Arbitrary Code and other vulnerabilities |
version | 49 |
References
- http://archives.neohapsis.com/archives/bugtraq/2007-01/0229.html
- http://ha.ckers.org/slowloris/
- http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html
- http://marc.info/?l=bugtraq&m=136612293908376&w=2
- http://www.securityfocus.com/bid/21865
- http://www.securitytracker.com/id/1038144
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72345
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19481