CVE-2007-6750: Slow HTTP DoS Attacks Mitigation
First published: Tue Dec 27 2011(Updated: )
An Uncontrolled Resource Consumption vulnerability in multiple products may allow an attacker to cause web service portal denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly. Slow HTTP attacks are denial-of-service (DoS) attacks in which the attacker sends HTTP requests in pieces slowly, one at a time to a Web server. If an HTTP request is not complete, or if the transfer rate is very low, the server keeps its resources busy waiting for the rest of the data. When the server’s concurrent connection pool reaches its maximum, this creates a DoS. Slow HTTP attacks are easy to execute because they require only minimal resources from the attacker.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache HTTP server | =2.0.42 | |
| Apache HTTP server | =2.2 | |
| Apache HTTP server | =2.0.58 | |
| Apache HTTP server | =2.2.11 | |
| Apache HTTP server | =2.2.0 | |
| Apache HTTP server | =1.3.38 | |
| Apache HTTP server | =2.2.10 | |
| Apache HTTP server | =2.2.13 | |
| Apache HTTP server | =1.3.23 | |
| Apache HTTP server | =2.0.47 | |
| Apache HTTP server | =1.3.27 | |
| Apache HTTP server | =2.1 | |
| Apache HTTP server | =2.0.56 | |
| Apache HTTP server | =2.0.50 | |
| Apache HTTP server | =2.2.2 | |
| Apache HTTP server | =1.3.10 | |
| Apache HTTP server | =1.0.5 | |
| Apache HTTP server | =2.1.3 | |
| Apache HTTP server | =1.1.1 | |
| Apache HTTP server | =2.2.4 | |
| Apache HTTP server | =2.0.35 | |
| Apache HTTP server | =2.0.37 | |
| Apache HTTP server | =2.0.55 | |
| Apache HTTP server | <=2.2.14 | |
| Apache HTTP server | =1.3.33 | |
| Apache HTTP server | =1.3.8 | |
| Apache HTTP server | =2.1.2 | |
| Apache HTTP server | =2.1.1 | |
| Apache HTTP server | =1.3.36 | |
| Apache HTTP server | =2.0.44 | |
| Apache HTTP server | =1.3.16 | |
| Apache HTTP server | =1.3.1 | |
| Apache HTTP server | =1.3.25 | |
| Apache HTTP server | =1.3.28 | |
| Apache HTTP server | =1.3.19 | |
| Apache HTTP server | =2.0.39 | |
| Apache HTTP server | =1.3.31 | |
| Apache HTTP server | =1.3.68 | |
| Apache HTTP server | =1.3.24 | |
| Apache HTTP server | =1.3.5 | |
| Apache HTTP server | =2.2.8 | |
| Apache HTTP server | =2.0.52 | |
| Apache HTTP server | =1.3.20 | |
| Apache HTTP server | =1.0.2 | |
| Apache HTTP server | =2.1.7 | |
| Apache HTTP server | =2.0.53 | |
| Apache HTTP server | =1.4.0 | |
| Apache HTTP server | =2.0.57 | |
| Apache HTTP server | =1.3.35 | |
| Apache HTTP server | =2.0.51 | |
| Apache HTTP server | =1.1 | |
| Apache HTTP server | =1.3.6 | |
| Apache HTTP server | =2.0.28-beta | |
| Apache HTTP server | =1.3.2 | |
| Apache HTTP server | =2.0.63 | |
| Apache HTTP server | =1.3.34 | |
| Apache HTTP server | =2.0.41 | |
| Apache HTTP server | =2.0.49 | |
| Apache HTTP server | =1.3.4 | |
| Apache HTTP server | =2.1.6 | |
| Apache HTTP server | =1.2.5 | |
| Apache HTTP server | =2.0.9 | |
| Apache HTTP server | =1.3.13 | |
| Apache HTTP server | =1.0 | |
| Apache HTTP server | =2.0.34-beta | |
| Apache HTTP server | =1.2.4 | |
| Apache HTTP server | =1.3.39 | |
| Apache HTTP server | =1.3.30 | |
| Apache HTTP server | =1.3.18 | |
| Apache HTTP server | =2.0.61 | |
| Apache HTTP server | =2.1.9 | |
| Apache HTTP server | =2.2.6 | |
| Apache HTTP server | =2.0.32 | |
| Apache HTTP server | =1.3.65 | |
| Apache HTTP server | =1.0.3 | |
| Apache HTTP server | =2.0.38 | |
| Apache HTTP server | =1.3.0 | |
| Apache HTTP server | =2.2.9 | |
| Apache HTTP server | =1.3 | |
| Apache HTTP server | =1.3.12 | |
| Apache HTTP server | =2.1.4 | |
| Apache HTTP server | =2.0.48 | |
| Apache HTTP server | =1.3.3 | |
| Apache HTTP server | =1.3.17 | |
| Apache HTTP server | =1.3.1.1 | |
| Apache HTTP server | =2.0.45 | |
| Apache HTTP server | =1.3.26 | |
| Apache HTTP server | =1.3.9 | |
| Apache HTTP server | =2.2.12 | |
| Apache HTTP server | =2.0.40 | |
| Apache HTTP server | =2.1.5 | |
| Apache HTTP server | =2.0.36 | |
| Apache HTTP server | =1.3.32 | |
| Apache HTTP server | =1.3.15 | |
| Apache HTTP server | =1.3.14 | |
| Apache HTTP server | =1.3.42 | |
| Apache HTTP server | =1.3.29 | |
| Apache HTTP server | =1.99 | |
| Apache HTTP server | =2.2.3 | |
| Apache HTTP server | =2.0.46 | |
| Apache HTTP server | =1.3.22 | |
| Apache HTTP server | =1.3.37 | |
| Apache HTTP server | =1.3.11 | |
| Apache HTTP server | =1.2.6 | |
| Apache HTTP server | =2.0.54 | |
| Apache HTTP server | =2.0.43 | |
| Apache HTTP server | =2.0.59 | |
| Apache HTTP server | =2.1.8 | |
| Apache HTTP server | =1.2 | |
| Apache HTTP server | =1.2.9 | |
| Apache HTTP server | =1.3.7 | |
| Apache HTTP server | =2.0.28 | |
| Apache HTTP server | =2.0 | |
| Apache HTTP server | =1.3.41 | |
| Apache HTTP server | =2.0.32-beta | |
| Apache HTTP server | =2.2.1 | |
| Apache HTTP server | =2.0.60 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://ha.ckers.org/slowloris/
- http://archives.neohapsis.com/archives/bugtraq/2007-01/0229.html
- http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- http://marc.info/?l=bugtraq&m=136612293908376&w=2
- http://www.securityfocus.com/bid/21865
- http://www.securitytracker.com/id/1038144
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72345
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19481
- http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html
- https://www.fortiguard.com/psirt/cvrf/FG-IR-19-013
- https://www.fortiguard.com/psirt/FG-IR-19-013
- collector/nvd-historical
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/first-publish-date
- collector/fortiguard-psirt
- source/FortiGuard
- alias/CVE-2019-17657
- alias/CVE-2007-6750
- agent/severity
- agent/references
- agent/title
- agent/description
- agent/event
- agent/tags
- agent/trending
- vendor/apache
- canonical/apache http server
- version/apache http server/2.0.42
- version/apache http server/2.2
- version/apache http server/2.0.58
- version/apache http server/2.2.11
- version/apache http server/2.2.0
- version/apache http server/1.3.38
- version/apache http server/2.2.10
- version/apache http server/2.2.13
- version/apache http server/1.3.23
- version/apache http server/2.0.47
- version/apache http server/1.3.27
- version/apache http server/2.1
- version/apache http server/2.0.56
- version/apache http server/2.0.50
- version/apache http server/2.2.2
- version/apache http server/1.3.10
- version/apache http server/1.0.5
- version/apache http server/2.1.3
- version/apache http server/1.1.1
- version/apache http server/2.2.4
- version/apache http server/2.0.35
- version/apache http server/2.0.37
- version/apache http server/2.0.55
- version/apache http server/2.2.14
- version/apache http server/1.3.33
- version/apache http server/1.3.8
- version/apache http server/2.1.2
- version/apache http server/2.1.1
- version/apache http server/1.3.36
- version/apache http server/2.0.44
- version/apache http server/1.3.16
- version/apache http server/1.3.1
- version/apache http server/1.3.25
- version/apache http server/1.3.28
- version/apache http server/1.3.19
- version/apache http server/2.0.39
- version/apache http server/1.3.31
- version/apache http server/1.3.68
- version/apache http server/1.3.24
- version/apache http server/1.3.5
- version/apache http server/2.2.8
- version/apache http server/2.0.52
- version/apache http server/1.3.20
- version/apache http server/1.0.2
- version/apache http server/2.1.7
- version/apache http server/2.0.53
- version/apache http server/1.4.0
- version/apache http server/2.0.57
- version/apache http server/1.3.35
- version/apache http server/2.0.51
- version/apache http server/1.1
- version/apache http server/1.3.6
- version/apache http server/2.0.28-beta
- version/apache http server/1.3.2
- version/apache http server/2.0.63
- version/apache http server/1.3.34
- version/apache http server/2.0.41
- version/apache http server/2.0.49
- version/apache http server/1.3.4
- version/apache http server/2.1.6
- version/apache http server/1.2.5
- version/apache http server/2.0.9
- version/apache http server/1.3.13
- version/apache http server/1.0
- version/apache http server/2.0.34-beta
- version/apache http server/1.2.4
- version/apache http server/1.3.39
- version/apache http server/1.3.30
- version/apache http server/1.3.18
- version/apache http server/2.0.61
- version/apache http server/2.1.9
- version/apache http server/2.2.6
- version/apache http server/2.0.32
- version/apache http server/1.3.65
- version/apache http server/1.0.3
- version/apache http server/2.0.38
- version/apache http server/1.3.0
- version/apache http server/2.2.9
- version/apache http server/1.3
- version/apache http server/1.3.12
- version/apache http server/2.1.4
- version/apache http server/2.0.48
- version/apache http server/1.3.3
- version/apache http server/1.3.17
- version/apache http server/1.3.1.1
- version/apache http server/2.0.45
- version/apache http server/1.3.26
- version/apache http server/1.3.9
- version/apache http server/2.2.12
- version/apache http server/2.0.40
- version/apache http server/2.1.5
- version/apache http server/2.0.36
- version/apache http server/1.3.32
- version/apache http server/1.3.15
- version/apache http server/1.3.14
- version/apache http server/1.3.42
- version/apache http server/1.3.29
- version/apache http server/1.99
- version/apache http server/2.2.3
- version/apache http server/2.0.46
- version/apache http server/1.3.22
- version/apache http server/1.3.37
- version/apache http server/1.3.11
- version/apache http server/1.2.6
- version/apache http server/2.0.54
- version/apache http server/2.0.43
- version/apache http server/2.0.59
- version/apache http server/2.1.8
- version/apache http server/1.2
- version/apache http server/1.2.9
- version/apache http server/1.3.7
- version/apache http server/2.0.28
- version/apache http server/2.0
- version/apache http server/1.3.41
- version/apache http server/2.0.32-beta
- version/apache http server/2.2.1
- version/apache http server/2.0.60