SB2011122703 - Denial of service in Apache HTTP Server
Published: December 27, 2011
Updated: July 3, 2023
Security Bulletin ID: SB2011122703
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Denial of service
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource management error (CVE-ID: CVE-2007-6750)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the web server when handling HTTP requests, related to the mod_reqtimeout module. A remote attacker can pass specially crafted requests to the web server and perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.
References
- http://archives.neohapsis.com/archives/bugtraq/2007-01/0229.html
- http://ha.ckers.org/slowloris/
- http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html
- http://marc.info/?l=bugtraq&m=136612293908376&w=2
- http://www.securityfocus.com/bid/21865
- http://www.securitytracker.com/id/1038144
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72345
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19481