CVE-2007-0086

2007-01-0518:28:00

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

AI Score

7.3

Confidence

High

EPSS

0.008

Percentile

81.3%

JSON

The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal

OSVersionArchitecturePackageVersionFilename
Debian12allapache2<= 2.4.59-1~deb12u1apache2_2.4.59-1~deb12u1_all.deb
Debian11allapache2<= 2.4.59-1~deb11u1apache2_2.4.59-1~deb11u1_all.deb
Debian999allapache2<= 2.4.62-1apache2_2.4.62-1_all.deb
Debian13allapache2<= 2.4.62-1apache2_2.4.62-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	apache2	<= 2.4.59-1~deb12u1	apache2_2.4.59-1~deb12u1_all.deb
Debian	11	all	apache2	<= 2.4.59-1~deb11u1	apache2_2.4.59-1~deb11u1_all.deb
Debian	999	all	apache2	<= 2.4.62-1	apache2_2.4.62-1_all.deb
Debian	13	all	apache2	<= 2.4.62-1	apache2_2.4.62-1_all.deb