Vulnerabilities > CVE-2007-6750 - Resource Management Errors vulnerability in Apache Http Server

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
apache
CWE-399
nessus
metasploit

Summary

The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.

Vulnerable Configurations

Part Description Count
Application
Apache
125

Common Weakness Enumeration (CWE)

Metasploit

descriptionSlowloris tries to keep many connections to the target web server open and hold them open as long as possible. It accomplishes this by opening connections to the target web server and sending a partial request. Periodically, it will send subsequent HTTP headers, adding to-but never completing-the request. Affected servers will keep these connections open, filling their maximum concurrent connection pool, eventually denying additional connection attempts from clients.
idMSF:AUXILIARY/DOS/HTTP/SLOWLORIS
last seen2020-05-26
modified2018-08-28
published2017-11-21
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/http/slowloris.py
titleSlowloris Denial of Service Attack

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_SERVER_5_3.NASL
    descriptionThe version of macOS Server (formerly known as Mac OS X Server) installed on the remote host is prior to 5.3. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists in the Apache HTTP server when handling a saturation of partial HTTP requests. An unauthenticated, remote attacker can exploit this to crash the daemon. (CVE-2007-6750) - A denial of service vulnerability exists in Action Pack in Ruby on Rails due to improper restrictions on the use of the MIME type cache when handling specially crafted HTTP accept headers. An unauthenticated, remote attacker can exploit this to cause the cache to grow indefinitely. (CVE-2016-0751) - An information disclosure vulnerability exists in the Wiki Server component due to improper checking of unspecified permissions. An unauthenticated, remote can exploit this to enumerate users. (CVE-2017-2382)
    last seen2020-06-01
    modified2020-06-02
    plugin id99128
    published2017-03-31
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99128
    titlemacOS : macOS Server < 5.3 Multiple Vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201309-12.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201309-12 (Apache HTTP Server: Multiple vulnerabilities) Multiple vulnerabilities have been found in Apache HTTP Server. Please review the CVE identifiers and research paper referenced below for details. Impact : A remote attacker could send a specially crafted request to possibly execute arbitrary code, cause Denial of Service, or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id70085
    published2013-09-24
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/70085
    titleGLSA-201309-12 : Apache HTTP Server: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-132.NASL
    description- httpd-2.2.x-bnc743743-CVE-2012-0053-server_protocol_c-cookie_exposure.diff addresses CVE-2012-0053: error responses can expose cookies when no custom 400 error code ErrorDocument is configured. [bnc#743743] - httpd-2.2.x-bnc741243-CVE-2012-0031-scoreboard_handling.diff: scoreboard corruption (shared mem segment) by child causes crash of privileged parent (invalid free()) during shutdown. This is rated low impact. Notice: https://svn.apache.org/viewvc?view=revision&revision=1230065 makes a change to the struct global_score, which causes binary incompatibility. The change in above patch only goes as far as the binary compatibility allows; the vulnerability is completely fixed, though. CVE-2012-0031 [bnc#741243] - /etc/init.d/apache2: new argument
    last seen2020-06-05
    modified2014-06-13
    plugin id74555
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/74555
    titleopenSUSE Security Update : apache2 (openSUSE-2012-132)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL12636.NASL
    descriptionThe Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15. (CVE-2007-6750) Impact The Slowloris attack is a type of denial-of-service (DoS) attack that targets threaded web servers. It attempts to monopolize all of the available request handling threads on the web server by sending HTTP requests that never complete. Because each request consumes a thread, the Slowloris attack eventually consumes all of the web server
    last seen2020-06-01
    modified2020-06-02
    plugin id97419
    published2017-02-28
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97419
    titleF5 Networks BIG-IP : Slowloris denial-of-service attack vulnerability (K12636)
  • NASL familyWeb Servers
    NASL idAPACHE_2_2_15.NASL
    descriptionAccording to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.15. It is, therefore, potentially affected by multiple vulnerabilities : - A TLS renegotiation prefix injection attack is possible. (CVE-2009-3555) - The
    last seen2020-06-01
    modified2020-06-02
    plugin id45004
    published2010-10-20
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45004
    titleApache 2.2.x < 2.2.15 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_APACHE2-201202-120203.NASL
    descriptionThis update of apache2 and libapr1 fixes regressions and several security problems. - Fixed a scoreboard corruption (shared mem segment) by child causes crash of privileged parent (invalid free()) during shutdown. (CVE-2012-0031) - Fixed an issue in error responses that could expose
    last seen2020-06-05
    modified2012-02-20
    plugin id58030
    published2012-02-20
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58030
    titleSuSE 11.1 Security Update : Apache2 (SAT Patch Number 5760)
  • NASL familyWeb Servers
    NASL idHPSMH_7_5_5.NASL
    descriptionAccording to its banner, the version of HP System Management Homepage (SMH) hosted on the remote web server is affected by the following vulnerabilities : - A denial of service vulnerability exists in the Apache HTTP Server due to the lack of the mod_reqtimeout module. An unauthenticated, remote attacker can exploit this, via a saturation of partial HTTP requests, to cause a daemon outage. (CVE-2007-6750) - A cross-site scripting (XSS) vulnerability exists in jQuery when using location.hash to select elements. An unauthenticated, remote attacker can exploit this, via a specially crafted tag, to inject arbitrary script code or HTML into the user
    last seen2020-06-01
    modified2020-06-02
    plugin id91222
    published2016-05-18
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91222
    titleHP System Management Homepage Multiple Vulnerabilities (HPSBMU03593)
  • NASL familyMisc.
    NASL idIBM_STORWIZE_1_5_0_2.NASL
    descriptionThe remote IBM Storwize device is running a version that is 1.3.x prior to 1.4.3.4 or 1.5.x prior to 1.5.0.2. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists due to a flaw in the bundled version of Apache HTTP Server. A remote attacker can exploit this, via partial HTTP requests, to cause a daemon outage, resulting in a denial of service condition. (CVE-2007-6750) - An HTTP request smuggling vulnerability exists due to a flaw in the bundled version of Apache Tomcat; when an HTTP connector or AJP connector is used, Tomcat fails to properly handle certain inconsistent HTTP request headers. A remote attacker can exploit this flaw, via multiple Content-Length headers or a Content-Length header and a
    last seen2020-06-01
    modified2020-06-02
    plugin id84401
    published2015-06-26
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84401
    titleIBM Storwize 1.3.x < 1.4.3.4 / 1.5.x < 1.5.0.2 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_APACHE2-201202-7972.NASL
    descriptionThis update of apache fixes regressions and several security problems : - Fixed a scoreboard corruption (shared mem segment) by child causes crash of privileged parent (invalid free()) during shutdown. (bnc#741243, CVE-2012-0031) - Fixed an issue in error responses that could expose
    last seen2020-06-05
    modified2012-02-29
    plugin id58166
    published2012-02-29
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58166
    titleSuSE 10 Security Update : Apache2 (ZYPP Patch Number 7972)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2013-0469-1.NASL
    descriptionThis Apache2 LTSS roll-up update for SUSE Linux Enterprise 10 SP3 LTSS fixes the following security issues and bugs : - CVE-2012-4557: Denial of Service via special requests in mod_proxy_ajp - CVE-2012-0883: improper LD_LIBRARY_PATH handling - CVE-2012-2687: filename escaping problem - CVE-2012-0031: Fixed a scoreboard corruption (shared mem segment) by child causes crash of privileged parent (invalid free()) during shutdown. - CVE-2012-0053: Fixed an issue in error responses that could expose
    last seen2020-06-05
    modified2015-05-20
    plugin id83578
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83578
    titleSUSE SLES10 Security Update : apache2 (SUSE-SU-2013:0469-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_APACHE2-201202-120216.NASL
    descriptionThis update of apache2 fixes regressions and several security problems : bnc#728876, fix graceful reload bnc#741243, CVE-2012-0031: Fixed a scoreboard corruption (shared mem segment) by child causes crash of privileged parent (invalid free()) during shutdown. bnc#743743, CVE-2012-0053: Fixed an issue in error responses that could expose
    last seen2020-06-05
    modified2014-06-13
    plugin id75789
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75789
    titleopenSUSE Security Update : apache2-201202 (openSUSE-SU-2012:0314-1)

Oval

accepted2015-04-20T04:01:21.779-04:00
classvulnerability
contributors
  • nameGanesh Manal
    organizationHewlett-Packard
  • nameSushant Kumar Singh
    organizationHewlett-Packard
  • namePrashant Kumar
    organizationHewlett-Packard
  • nameMike Cokus
    organizationThe MITRE Corporation
descriptionThe Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
familyunix
idoval:org.mitre.oval:def:19481
statusaccepted
submitted2013-11-22T11:43:28.000-05:00
titleHP-UX Running Apache, Remote Denial of Service (DoS), Execution of Arbitrary Code and other vulnerabilities
version49