CVE-2007-0086

Name: CVE-2007-0086
Creator: NVD / NIST
Published: 2007-01-05T18:28:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 9.62%

Last modified Jun 16, 2026

CVE-2007-0086 is a vulnerability of currently unknown severity. The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal. EPSS estimates a 9.62% chance of exploitation in the next 30 days.

Description

The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal

Metrics

EPSS Probability

9.62%

94.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-400

Affected Software

Vendor	Product	Versions
Apache	Http Server	All versions

References

http://osvdb.org/33456Broken Link
http://www.securityfocus.com/archive/1/455833/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/archive/1/455879/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/archive/1/455882/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/archive/1/455920/100/0/threadedThird Party Advisory, VDB Entry
http://osvdb.org/33456Broken Link
http://www.securityfocus.com/archive/1/455833/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/archive/1/455879/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/archive/1/455882/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/archive/1/455920/100/0/threadedThird Party Advisory, VDB Entry

Timeline

Published: Jan 5, 2007
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2007-0086?

How severe is CVE-2007-0086?

Severity scoring for CVE-2007-0086 is pending analysis. The EPSS model estimates a 9.62% probability of exploitation in the next 30 days.

How do I fix CVE-2007-0086?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-0086?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST