5
CVSSv2

CVE-2007-6750

Published: 27/12/2011 Updated: 21/11/2024

Vulnerability Summary

The Apache HTTP Server 1.x and 2.x allows remote malicious users to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions prior to 2.2.15.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache http server

apache http server 1.0

apache http server 1.0.2

apache http server 1.0.3

apache http server 1.0.5

apache http server 1.1

apache http server 1.1.1

apache http server 1.2

apache http server 1.2.4

apache http server 1.2.5

apache http server 1.2.6

apache http server 1.2.9

apache http server 1.3

apache http server 1.3.0

apache http server 1.3.1

apache http server 1.3.1.1

apache http server 1.3.2

apache http server 1.3.3

apache http server 1.3.4

apache http server 1.3.5

apache http server 1.3.6

apache http server 1.3.7

apache http server 1.3.8

apache http server 1.3.9

apache http server 1.3.10

apache http server 1.3.11

apache http server 1.3.12

apache http server 1.3.13

apache http server 1.3.14

apache http server 1.3.15

apache http server 1.3.16

apache http server 1.3.17

apache http server 1.3.18

apache http server 1.3.19

apache http server 1.3.20

apache http server 1.3.22

apache http server 1.3.23

apache http server 1.3.24

apache http server 1.3.25

apache http server 1.3.26

apache http server 1.3.27

apache http server 1.3.28

apache http server 1.3.29

apache http server 1.3.30

apache http server 1.3.31

apache http server 1.3.32

apache http server 1.3.33

apache http server 1.3.34

apache http server 1.3.35

apache http server 1.3.36

apache http server 1.3.37

apache http server 1.3.38

apache http server 1.3.39

apache http server 1.3.41

apache http server 1.3.42

apache http server 1.3.65

apache http server 1.3.68

apache http server 1.4.0

apache http server 1.99

apache http server 2.0

apache http server 2.0.9

apache http server 2.0.28

apache http server 2.0.32

apache http server 2.0.34

apache http server 2.0.35

apache http server 2.0.36

apache http server 2.0.37

apache http server 2.0.38

apache http server 2.0.39

apache http server 2.0.40

apache http server 2.0.41

apache http server 2.0.42

apache http server 2.0.43

apache http server 2.0.44

apache http server 2.0.45

apache http server 2.0.46

apache http server 2.0.47

apache http server 2.0.48

apache http server 2.0.49

apache http server 2.0.50

apache http server 2.0.51

apache http server 2.0.52

apache http server 2.0.53

apache http server 2.0.54

apache http server 2.0.55

apache http server 2.0.56

apache http server 2.0.57

apache http server 2.0.58

apache http server 2.0.59

apache http server 2.0.60

apache http server 2.0.61

apache http server 2.0.63

apache http server 2.1

apache http server 2.1.1

apache http server 2.1.2

apache http server 2.1.3

apache http server 2.1.4

apache http server 2.1.5

apache http server 2.1.6

apache http server 2.1.7

apache http server 2.1.8

apache http server 2.1.9

apache http server 2.2

apache http server 2.2.0

apache http server 2.2.1

apache http server 2.2.2

apache http server 2.2.3

apache http server 2.2.4

apache http server 2.2.6

apache http server 2.2.8

apache http server 2.2.9

apache http server 2.2.10

apache http server 2.2.11

apache http server 2.2.12

apache http server 2.2.13

Nmap Scripts

http-slowloris-check

Tests a web server for vulnerability to the Slowloris DoS attack without actually launching a DoS attack.

nmap --script http-slowloris-check  <target>

PORT STATE SERVICE REASON 80/tcp open http syn-ack | http-slowloris-check: | VULNERABLE: | Slowloris DOS attack | State: LIKELY VULNERABLE | IDs: CVE:CVE-2007-6750 | Slowloris tries to keep many connections to the target web server open and hold | them open as long as possible. It accomplishes this by opening connections to | the target web server and sending a partial request. By doing so, it starves | the http server's resources causing Denial Of Service. | | Disclosure date: 2009-09-17 | References: | http://ha.ckers.org/slowloris/ |_ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750

Github Repositories

pwnloris An improved slowloris DOS tool which keeps attacking until the server starts getting exhausted Detailed info This tool abuses the CVE-2007-6750 and CVE-2012-5568 vulnerabilities The exploits works by using just one machine by creating multiple threads and sending from each thread incomplete requests while keeping the connections alive thus using up all the resources

Writeup of the room called "Kiba" on TryHackMe done for educational purposes.

Kiba I started with a basic nmap scan to find out which ports are open $ nmap -p- 1010250164 Starting Nmap 780 ( nmaporg ) at 2023-06-06 14:30 CEST Nmap scan report for 1010250164 Host is up (0047s latency) Not shown: 65531 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 5044/tcp open lxi-evntsvc 5601/tcp open esmagent

Hack into a Mr. Robot themed Windows machine. Use metasploit for initial access, utilise powershell for Windows privilege escalation enumeration and learn a new technique to get Administrator access.

Steel Mountain tryhackmecom/room/steelmountain Hack into a Mr Robot themed Windows machine Use metasploit for initial access, utilise powershell for Windows privilege escalation enumeration and learn a new technique to get Administrator access F3d3r!c0 | Nov 20th, 2020 [Task 1] Introduction In this room you will enumerate a Windows machine, gain initial access with

My Pentesting knowledge I grew throughout the years of Pentesting. This is updated often and I hope it helps you understand!

Pentesting-Resources My Pentesting knowledge I grew throughout the years of Pentesting This is updated often and I hope it helps you understand! Protocols/Services Protocols TCP 3-Ways-Handshake UDP TCP vs UDP Protocols &amp; Services FTP - TCP - 21 SSH - TCP - 22 Telnet - TCP - 23 SMTP - TCP - 25 DNS - TCP/UDP - 53 DHCP - UDP - 67/68 Tools Enumeration &a

NMAP

NMAP NMAP NMAP CIBERSEGURIDAD Identificación de Infraestructuras Tecnológicas con NMAP Nmap (“mapeador de redes”) es una herramienta de código abierto para exploración de red y auditoría de seguridad Se diseñó para analizar rápidamente grandes redes, aunque funciona muy bien contra equipos ind

Máquina: Ice Tryhackme: Ice Lo primero que haremos, será lanzar un NMAP para ver qué puertos tiene abiertos la máquina: En la imagen anterior podemos ver varios puertos abiertos, los más interesantes a primera vista podrían ser: Puerto 445: Servicio SMB Puerto 3389: Servicio RDP Puerto 8000: Servidor Icecast streaming media server

There is a company that seems unreliable. You must think like a hacker and hack it easily. I think you do not need a hint but here are the nudges for you. For the user, you should understand how it works` and manipulate it. You might need everything that you’ll find. For root, wait a minute.

Cengbox:1 ~Vulnhub Walkthrough DISCRIPTION Name: CengBox: 1 Author:&nbsp;Arslan Difficulty : beginner/intermediate There is a company that seems unreliable You must think like a hacker and hack it easily I think you do not need a hint but here are the nudges for you For the user, you should understand how it works` and manipulate it You might need everything that you&

Nmap Room - 10104933 Task3 - nMap scanning tryhackmecom/room/rpnmap 1 Let's go ahead and start with the basics and perform a syn scan on the box provided What will this command be without the host IP address? nmap -sS 2 After scanning this, how many ports do we find open under 1000? 2

This is a small boot2root VM I created for my university’s cyber security group. It contains multiple remote vulnerabilities and multiple privilege escalation vectors. I did all of my testing for this VM on VirtualBox, so that’s the recommended platform. I have been informed that it also works with VMware, but I haven’t tested this personally. T…

Basic-Pentesting-1 Description: This is a small boot2root VM I created for my university’s cyber security group It contains multiple remote vulnerabilities and multiple privilege escalation vectors I did all of my testing for this VM on VirtualBox, so that’s the recommended platform I have been informed that it also works with VMware, but I haven’t tested t

Trabalho Final de Segurança da Informação: Universidade do Sul de Santa Catarina Nome: Murilo Furlan de Sousa Segurança de Redes Data: 01/12/2021 Neste arquivo será documentado o processo completo de um pentest na minha rede interna e externa, desde reconhecimento inicial até exploração de vulnerabilidades encontradas Et

Be the investigator to finish this machine,Its for only beginners, Share your Screen shot on telegram group, Group link will be in flag. Author: Sivanesh Kumar

Investigator:1 ~Vulnhub Writeup Be the investigator to finish this machine,Its for only beginners, Share your Screen shot on telegram group, Group link will be in flag Author: Sivanesh Kumar Download link- downloadvulnhubcom/investigator/Investigatorova SCANNING Scanning target ip-address using nmap full port scanning nmap -p- 192168122136 Lets find out service

A simple pure Python3 Slowloris implementation for educational purposes.

Slowloris A simple pure Python3 Slowloris implementation for educational purposes Includes Docker files for building demonstration targets Related CVE: CVE-2007-6750 Usage python3 slowlorispy {HOST} {PORT} {NUMBER_OF_CONNECTIONS} eg python3 slowlorispy localhost 8080 1000 Build Targets (Optio

Universidad Nacional de Costa Rica, Campus Nicoya Bachillerato en Ingenieria en Sistemas de Información - Seguridad Informatica Sabado 16 de Octubre de 2021 Elaborado por: Eddie Alfaro Villegas ealfarov02@estunaaccr Identificación de Infraestructuras Tecnológicas con NMAP Nmap (“mapeador de redes”) es una herramienta de cód

Funciona pra explorar o CVE-2007-6750 (vulnerabilidade ao DoS de slowloris)

slowl0ris Funciona pra explorar o CVE-2007-6750 (vulnerabilidade ao DoS de slowloris)

Escaneo nmap

Nmap Scan Script Este es un script de bash para realizar escaneos de puertos y vulnerabilidades utilizando Nmap Uso Para ejecutar el script, usa el siguiente comando: /escaneosh &lt;dirección IP&gt; Descripción El script realiza las siguientes tareas: Escanea todos los puertos de la dirección IP proporciona

This script successfully exploits: CVE-2007-6750, CVE-2012-5568

Q2-2K QHD WiFi Dashcam Writeup

PeztioQ2 Q2-2K QHD WiFi Dashcam Writeup NMAP Scan $ nmap 19216811 -Pn --script vuln -p- -T5 Starting Nmap 793 ( nmaporg ) at 2023-03-08 19:27 MST PORT STATE SERVICE 23/tcp open telnet 80/tcp open http | http-slowloris-check: | VULNERABLE: | Slowloris DOS attack | State: LIKELY VULNERABLE | IDs: CVE:CVE-2007-6750 | Slowloris tries to keep

A small VM made for a Dutch informal hacker meetup called Fristileaks. Meant to be broken in a few hours without requiring debuggers, reverse engineering, etc.. Name: Fristileaks 1.3 Author: Ar0xA Series: Fristileaks Style: Enumeration/Follow the breadcrumbs Goal: get root (uid 0) and read the flag file Tester(s): dqi, barrebas Difficulty: Basic

FristiLeaks:13 ~Vulnhub Walkthrough A small VM made for a Dutch informal hacker meetup called Fristileaks Meant to be broken in a few hours without requiring debuggers, reverse engineering, etc Name: Fristileaks 13 Author: Ar0xA Series: Fristileaks Style: Enumeration/Follow the breadcrumbs Goal: get root (uid 0) and read the flag file Tester(s): dqi, barrebas Difficulty: B

01Broken Authentication Description: Flaws in authentication mechanisms that allow attackers to compromise passwords, keys, or session tokens Impact: Unauthorized access to user accounts and sensitive information Mitigation: Implement multi-factor authentication, secure password policies, and session management 02Cross-Origin Resource Sharing (CORS) Vulnerability Descripti

MetasplitTable2 Overview MetasplitTable2 is a penetration testing project focused on identifying and exploiting vulnerabilities in various network services and protocols The repository provides a detailed step-by-step guide for conducting assessments, showcasing real-world exploitation techniques, and recommending fixes to mitigate risks Features Thorough exploration of vuln

Network-Vulnerability-Assessment-with-Nmap this project will be particularly useful for anyone who is using an M chip macbook, and using UTM as a VM Project Description This project aims to demonstrate the use of Nmap, a powerful network scanning tool, to identify vulnerabilities within a controlled environment using Metasploitable, a deliberately vulnerable virtual machine on