5
CVSSv2

CVE-2007-6750

Published: 27/12/2011 Updated: 10/01/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 557
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The Apache HTTP Server 1.x and 2.x allows remote malicious users to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions prior to 2.2.15.

Vulnerability Trend

Affected Products

Vendor Product Versions
ApacheHttp Server1.0, 1.0.2, 1.0.3, 1.0.5, 1.1, 1.1.1, 1.2, 1.2.4, 1.2.5, 1.2.6, 1.2.9, 1.3, 1.3.0, 1.3.1, 1.3.1.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.3.7, 1.3.8, 1.3.9, 1.3.10, 1.3.11, 1.3.12, 1.3.13, 1.3.14, 1.3.15, 1.3.16, 1.3.17, 1.3.18, 1.3.19, 1.3.20, 1.3.22, 1.3.23, 1.3.24, 1.3.25, 1.3.26, 1.3.27, 1.3.28, 1.3.29, 1.3.30, 1.3.31, 1.3.32, 1.3.33, 1.3.34, 1.3.35, 1.3.36, 1.3.37, 1.3.38, 1.3.39, 1.3.41, 1.3.42, 1.3.65, 1.3.68, 1.4.0, 1.99, 2.0, 2.0.9, 2.0.28, 2.0.32, 2.0.34, 2.0.35, 2.0.36, 2.0.37, 2.0.38, 2.0.39, 2.0.40, 2.0.41, 2.0.42, 2.0.43, 2.0.44, 2.0.45, 2.0.46, 2.0.47, 2.0.48, 2.0.49, 2.0.50, 2.0.51, 2.0.52, 2.0.53, 2.0.54, 2.0.55, 2.0.56, 2.0.57, 2.0.58, 2.0.59, 2.0.60, 2.0.61, 2.0.63, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9, 2.2, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.6, 2.2.8, 2.2.9, 2.2.10, 2.2.11, 2.2.12, 2.2.13, 2.2.14

Vendor Advisories

About Apple security updatesFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the Apple security updates page For more information about security, see the Apple Product Security page You can encrypt ...
Oracle Critical Patch Update Advisory - January 2018 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previou ...

Nmap Scripts

http-slowloris-check

Tests a web server for vulnerability to the Slowloris DoS attack without actually launching a DoS attack.

nmap --script http-slowloris-check  <target>

PORT STATE SERVICE REASON 80/tcp open http syn-ack | http-slowloris-check: | VULNERABLE: | Slowloris DOS attack | State: LIKELY VULNERABLE | IDs: CVE:CVE-2007-6750 | Slowloris tries to keep many connections to the target web server open and hold | them open as long as possible. It accomplishes this by opening connections to | the target web server and sending a partial request. By doing so, it starves | the http server's resources causing Denial Of Service. | | Disclosure date: 2009-09-17 | References: | http://ha.ckers.org/slowloris/ |_ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750

Metasploit Modules

Slowloris Denial of Service Attack

Slowloris tries to keep many connections to the target web server open and hold them open as long as possible. It accomplishes this by opening connections to the target web server and sending a partial request. Periodically, it will send subsequent HTTP headers, adding to-but never completing-the request. Affected servers will keep these connections open, filling their maximum concurrent connection pool, eventually denying additional connection attempts from clients.

msf > use auxiliary/dos/http/slowloris
msf auxiliary(slowloris) > show actions
    ...actions...
msf auxiliary(slowloris) > set ACTION < action-name >
msf auxiliary(slowloris) > show options
    ...show and set options...
msf auxiliary(slowloris) > run

Github Repositories

pwnloris An improved slowloris DOS tool which keeps attacking until the server starts getting exhausted Detailed info This tool abuses the CVE-2007-6750 and CVE-2012-5568 vulnerabilities The exploits works by using just one machine by creating multiple threads and sending from each thread incomplete requests while keeping the connections alive thus using up all the resources

This simple script uses open source software (nmap, vFeed and DPE) and performs almost same task as Nessus or AVDS vFeed - Aggregated Vulnerability Database - wwwtoolswatchorg/vfeed/ DPE - Default Password Enumeration - wwwtoolswatchorg/dpe/ install Debian/Ubuntu required packages: $ sudo apt-get install nmap python27 php5-cli php5-sqlite -y $ git clone h

ReconScan The purpose of this project is to develop scripts that can be useful in the pentesting workflow, be it for VulnHub VMs, CTFs, hands-on certificates, or real-world targets The project currently consists of two major components: a script invoking and aggregating the results of existing tools, and a second script for automated analysis of the aforementioned results from

repository ini digunakan untuk belajar

ReconScan The purpose of this project is to develop scripts that can be useful in the pentesting workflow, be it for VulnHub VMs, CTFs, hands-on certificates, or real-world targets The project currently consists of two major components: a script invoking and aggregating the results of existing tools, and a second script for automated analysis of the aforementioned results from