Lucene search

[email protected]CVE-2007-0086

HistoryJan 05, 2007 - 6:28 p.m.

CVE-2007-0086

2007-01-0518:28:00

CWE-400

[email protected]

web.nvd.nist.gov

125

In Wild

apache http server

denial of service

network bandwidth consumption

range header

cve-2007-0086

nvd

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

AI Score

7.3

Confidence

High

EPSS

0.008

Percentile

81.3%

JSON

The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal

Affected configurations

NVD

Node

apachehttp_serverMatch-

VendorProductVersionCPE
apachehttp_server-cpe:/a:apache:http_server:-:::

Vendor	Product	Version	CPE
apache	http_server	-	cpe:/a:apache:http_server:-:::

References

osvdb.org/33456

www.securityfocus.com/archive/1/455833/100/0/threaded

www.securityfocus.com/archive/1/455879/100/0/threaded

www.securityfocus.com/archive/1/455882/100/0/threaded

www.securityfocus.com/archive/1/455920/100/0/threaded

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

AI Score

7.3

Confidence

High

EPSS

0.008

Percentile

81.3%

JSON

Related for CVE-2007-0086

cbl_mariner1 prion2 debiancve2 cvelist2 redhatcve1 nvd2 nessus2 openvas4 ubuntucve1 cve1 attackerkb1 hackerone1