VIR Vulnerability Intelligence Relay

CVE-2007-6750

medium
Published 2011-12-27 ยท Modified 2026-04-29
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
6.0

Description

The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.

Predictions

Exploit likelihood
55%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Metasploit modules

auxiliary_dos/http/slowloris rank 300
Slowloris Denial of Service Attack
Source fetch failed: fetch_error โ€” view the original via the link above.

OS impact
debian Debian Fixed 5 releases
VersionStatusFixed in
trixie Fixed 2.2.15-3
sid Fixed 2.2.15-3
forky Fixed 2.2.15-3
bullseye Fixed 2.2.15-3
bookworm Fixed 2.2.15-3

Application impact
VendorProductVersionsFixed
apache apachehttp_server{"endIncluding":"2.2.14"}
apache apachehttp_server1.0
apache apachehttp_server1.0.2
apache apachehttp_server1.0.3
apache apachehttp_server1.0.5
apache apachehttp_server1.1
apache apachehttp_server1.1.1
apache apachehttp_server1.2
apache apachehttp_server1.2.4
apache apachehttp_server1.2.5
apache apachehttp_server1.2.6
apache apachehttp_server1.2.9
apache apachehttp_server1.3
apache apachehttp_server1.3.0
apache apachehttp_server1.3.1
apache apachehttp_server1.3.1.1
apache apachehttp_server1.3.2
apache apachehttp_server1.3.3
apache apachehttp_server1.3.4
apache apachehttp_server1.3.5
apache apachehttp_server1.3.6
apache apachehttp_server1.3.7
apache apachehttp_server1.3.8
apache apachehttp_server1.3.9
apache apachehttp_server1.3.10
apache apachehttp_server1.3.11
apache apachehttp_server1.3.12
apache apachehttp_server1.3.13
apache apachehttp_server1.3.14
apache apachehttp_server1.3.15
apache apachehttp_server1.3.16
apache apachehttp_server1.3.17
apache apachehttp_server1.3.18
apache apachehttp_server1.3.19
apache apachehttp_server1.3.20
apache apachehttp_server1.3.22
apache apachehttp_server1.3.23
apache apachehttp_server1.3.24
apache apachehttp_server1.3.25
apache apachehttp_server1.3.26
apache apachehttp_server1.3.27
apache apachehttp_server1.3.28
apache apachehttp_server1.3.29
apache apachehttp_server1.3.30
apache apachehttp_server1.3.31
apache apachehttp_server1.3.32
apache apachehttp_server1.3.33
apache apachehttp_server1.3.34
apache apachehttp_server1.3.35
apache apachehttp_server1.3.36
apache apachehttp_server1.3.37
apache apachehttp_server1.3.38
apache apachehttp_server1.3.39
apache apachehttp_server1.3.41
apache apachehttp_server1.3.42
apache apachehttp_server1.3.65
apache apachehttp_server1.3.68
apache apachehttp_server1.4.0
apache apachehttp_server1.99
apache apachehttp_server2.0
apache apachehttp_server2.0.9
apache apachehttp_server2.0.28
apache apachehttp_server2.0.32
apache apachehttp_server2.0.34
apache apachehttp_server2.0.35
apache apachehttp_server2.0.36
apache apachehttp_server2.0.37
apache apachehttp_server2.0.38
apache apachehttp_server2.0.39
apache apachehttp_server2.0.40
apache apachehttp_server2.0.41
apache apachehttp_server2.0.42
apache apachehttp_server2.0.43
apache apachehttp_server2.0.44
apache apachehttp_server2.0.45
apache apachehttp_server2.0.46
apache apachehttp_server2.0.47
apache apachehttp_server2.0.48
apache apachehttp_server2.0.49
apache apachehttp_server2.0.50
apache apachehttp_server2.0.51
apache apachehttp_server2.0.52
apache apachehttp_server2.0.53
apache apachehttp_server2.0.54
apache apachehttp_server2.0.55
apache apachehttp_server2.0.56
apache apachehttp_server2.0.57
apache apachehttp_server2.0.58
apache apachehttp_server2.0.59
apache apachehttp_server2.0.60
apache apachehttp_server2.0.61
apache apachehttp_server2.0.63
apache apachehttp_server2.1
apache apachehttp_server2.1.1
apache apachehttp_server2.1.2
apache apachehttp_server2.1.3
apache apachehttp_server2.1.4
apache apachehttp_server2.1.5
apache apachehttp_server2.1.6
apache apachehttp_server2.1.7
apache apachehttp_server2.1.8
apache apachehttp_server2.1.9
apache apachehttp_server2.2
apache apachehttp_server2.2.0
apache apachehttp_server2.2.1
apache apachehttp_server2.2.2
apache apachehttp_server2.2.3
apache apachehttp_server2.2.4
apache apachehttp_server2.2.6
apache apachehttp_server2.2.8
apache apachehttp_server2.2.9
apache apachehttp_server2.2.10
apache apachehttp_server2.2.11
apache apachehttp_server2.2.12
apache apachehttp_server2.2.13

References

CWEs

CWE-399

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.