2

One of our clients scanned our site and shared the following Qualys vulnerability.

"Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day "

We are using "Ubuntu 12.04.5 LTS" with Apache/2.2.22. We have implemented lots of the options mentioned in this URL.
Its CVE is CVE-2007-6750.

But every scan finds this vulnerability.

What should we do now?

Mudasar Yasin

1 Answer

3

This is the slow loris attack of incomplete HTTP GET Requests.

How to protect your server: Update your Apache server; there are many updates for this attack, which was discovered in like 2011. Other options are to reduce the timeout on your Apache server, etc. This attack works on timeout. Here tells you how to protect your Apache from DoS/DDoS (slow loris included) on Linux (provides updates, shows settings to be changed).

What is the slow loris? The slow loris is a layer 7 Denial of Service (DoS, can be carried out with 1 computer) attack that is used widely against Apache servers and more, because these servers, if not updated, have this "bug".

How does the slow loris work? The slow loris is done by making a TCP connection and then sending an incomplete HTTP GET request to the server. The server then does not time out this connection for long periods of time, as high as 400 seconds. Servers (such as Apache servers) do this because the idea is that the server thinks you are on some untrusted network, or simply on slow internet, and will wait for the rest of the HTTP GET request.

More information: This is an HTTP DoS, not a TCP DoS, because the request is what is causing this. A slow loris attack can work by sending 1 packet per second for each new connection.

Examples of what this request looks like:

GET / HTTP/1.1\r\nHost: www.whatever.com\r\nUser-Agent: Mozilla 5.0\r\n

or

GET / HTTP/1.1\r\nHost: www.whatever.com\r\nUser-Agent: Mozilla 5.0

Example of normal HTTP GET Request:

GET / HTTP/1.1\r\nHost: www.whatever.com\r\nUser-Agent: Mozilla 5.0\r\n\r\n 
user3818650
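As an added example (not part of the answer above, and not Apache's own code), this Python sketch models the server-side check behind the timeout advice: the sample requests differ only in the terminating blank line, and an idle timeout alone never fires on a client that keeps sending a little data, while a total header-read deadline does. The `Conn` class, the timeout values and the sample timestamps are constructed for illustration.

```python
from dataclasses import dataclass, field

HEADER_END = b"\r\n\r\n"  # blank line that ends the HTTP header block

@dataclass
class Conn:  # hypothetical per-connection state a server would keep
    opened_at: float                            # when the TCP connection was accepted
    reads: list = field(default_factory=list)   # (timestamp, bytes) received so far

    def feed(self, ts, data):
        self.reads.append((ts, data))

    @property
    def buffered(self):
        return b"".join(data for _, data in self.reads)

    @property
    def last_read(self):
        return self.reads[-1][0] if self.reads else self.opened_at

def headers_complete(buf):
    return HEADER_END in buf

def should_drop(conn, now, idle_timeout, header_deadline=None):
    """Return why the connection should be closed, or None to keep waiting."""
    if headers_complete(conn.buffered):
        return None                       # full request: hand it to the handler
    if now - conn.last_read > idle_timeout:
        return "idle"                     # nothing received for too long
    if header_deadline is not None and now - conn.opened_at > header_deadline:
        return "header-deadline"          # headers unfinished after the total budget
    return None

def build_samples():
    """Constructed traffic: one normal request, one that never finishes its headers."""
    base = b"GET / HTTP/1.1\r\nHost: www.whatever.com\r\nUser-Agent: Mozilla 5.0\r\n"
    normal, slow = Conn(0.0), Conn(0.0)
    normal.feed(0.1, base + b"\r\n")
    slow.feed(0.1, base)
    for t in range(10, 400, 10):          # a few more bytes every 10 s, never the blank line
        slow.feed(float(t), b"X-a: b\r\n")
    return normal, slow

if __name__ == "__main__":
    normal, slow = build_samples()
    print(should_drop(normal, 395.0, idle_timeout=300))
    print(should_drop(slow, 395.0, idle_timeout=300))
    print(should_drop(slow, 395.0, idle_timeout=300, header_deadline=40))
```

The slow connection survives the idle-only check at 395 seconds because each small read resets the idle clock; only the total deadline on the header phase closes it.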