CVE-2007-6750
Published: 27 December 2011
The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
Notes
Author | Note |
---|---|
mdeslaur | 1005669 commit fixes CVE-2010-1623 hardy users who want to protect against Slowloris are recommended to update to lucid or higher. Adding a new module turned on by default to hardy's apache2 is too intrusive. |
Priority
Status
Package | Release | Status |
---|---|---|
apache2 Launchpad, Ubuntu, Debian |
hardy |
Ignored
|
lucid |
Not vulnerable
(2.2.14-5ubuntu8.3)
|
|
maverick |
Not vulnerable
(2.2.16-1ubuntu3.4)
|
|
natty |
Not vulnerable
(2.2.17-1ubuntu1.4)
|
|
oneiric |
Not vulnerable
(2.2.20-1ubuntu1.1)
|
|
upstream |
Released
(2.2.15)
|
|
Patches: upstream: http://svn.apache.org/viewvc?view=revision&revision=917211 upstream: http://svn.apache.org/viewvc?view=revision&revision=953616 upstream: http://svn.apache.org/viewvc?view=revision&revision=1005669 upstream: http://svn.apache.org/viewvc?view=revision&revision=1162862 |