What is CVE-2007-6750?

CVE-2007-6750 is a vulnerability in Apache Http_server, classified under CWE-399. Published 2011-12-27.

Is CVE-2007-6750 known to be exploited?

78 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Http_server

CVE-2007-6750

The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.

EPSS: 0.817 (99.2th percentile) — read the EPSS interpretation.

Affected products

Apache Http_server — versions 1.0, 1.0.2, 1.0.3
N/a — versions n/a

Weakness classification (CWE)

CWE-399

Public proof-of-concept exploits

References

SSRT101139 (x_refsource_HP, vendor-advisory)
1038144 (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_MISC)
20070105 Re: a cheesy Apache / IIS DoS vuln (+a question) (mailing-list, x_refsource_BUGTRAQ)
oval:org.mitre.oval:def:19481 (x_refsource_OVAL, signature, vdb-entry)
apache-server-http-dos(72345) (vdb-entry, x_refsource_XF)
openSUSE-SU-2012:0314 (vendor-advisory, x_refsource_SUSE)
21865 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2007-6750?: CVE-2007-6750 is a vulnerability in Apache Http_server, classified under CWE-399. Published 2011-12-27.
Is CVE-2007-6750 known to be exploited?: 78 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.