Vulnerabilites - CVE-2007-0086

CVE-2007-0086

Status:

Candidate

Description:

** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.

Reference:

BUGTRAQ:20070103 a cheesy Apache / IIS DoS vuln (+a question)
URL:http://www.securityfocus.com/archive/1/archive/1/455833/100/0/threaded
BUGTRAQ:20070104 Re: a cheesy Apache / IIS DoS vuln (+a question)
URL:http://www.securityfocus.com/archive/1/455879/100/0/threaded
BUGTRAQ:20070104 Re: a cheesy Apache / IIS DoS vuln (+a question)
URL:http://www.securityfocus.com/archive/1/455920/100/0/threaded
BUGTRAQ:20070104 Re: a cheesy Apache / IIS DoS vuln (+a question)
URL:http://www.securityfocus.com/archive/1/455882/100/0/threaded

Phase:

Assigned (20070105)

CVE ID

Protocol

SoursePort

TargetPort

Other Vulnerabilities:

Year	CEV (3053) Common Vulnerabilities and Exposures	CAN (20174) Candidate
1999	CVE-1999 (821)	CAN-1999 (749 )
2000	CVE-2000 (808)	CAN-2000 (423 )
2001	CVE-2001 (625)	CAN-2001 (934 )
2002	CVE-2002 (643)	CAN-2002 (1566)
2003	CVE-2003 (81 )	CAN-2003 (1236)
2004	CVE-2004 (75 )	CAN-2004 (2601)
2005	-	CAN-2005 (4825)
2006	-	CAN-2006 (6982)
2007	-	CAN-2007 (858 )

Free Network Analyzer

Free Packet Sniffer

nChronos

Capsa

nChronos

Capsa Enterprise

Capsa Professional

Other

Colasoft Online Store

How to Buy

nChronos

Capsa

Network Tools

Other

Resources

CVE-2007-0086

Status:

Description:

Reference:

Phase:

Other Vulnerabilities:

Free Network Analyzer

We’re here to help…

Quick Links

Stay in touch