Opened 3 years ago

Closed 3 years ago

#23527 closed defect (worksforme)

Our web server is probably vulnerable to slowloris attack

Reported by: gk
Owned by: tpa
Priority: Medium
Component: Internal Services/Tor Sysadmin Team
Severity: Normal


We got a HackerOne bug report about some web server vulnerability (it seems not to be hardened against slowloris attacks):

| http-slowloris-check:
|   Slowloris DOS attack
|     IDs:  CVE:CVE-2007-6750
|       Slowloris tries to keep many connections to the target web server open and hold
|       them open as long as possible. It accomplishes this by opening connections to
|       the target web server and sending a partial request. By doing so, it starves
|       the http server's resources causing Denial Of Service.

See the attachment for more information about what they tested.
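As an added illustration of the server-side mitigation that description implies (this is not code from the ticket, from Nmap, or from Tor's infrastructure), here is a Python header reader that bounds the total time a client may take to finish its request headers, plus a socketpair harness that simulates a stalled partial request. The 8 KiB header size limit and the deadline values are assumptions chosen for the example.

```python
import socket
import time

# Constructed example: bound how long a client may take to finish its request
# headers, so a stalled partial request cannot pin a server slot indefinitely.

HEADER_END = b"\r\n\r\n"
MAX_HEADER_BYTES = 8192  # assumed limit; real servers make this configurable

class SlowClient(Exception):
    """Raised when the header block does not arrive within the deadline."""

def read_request_headers(conn, deadline_seconds=5.0):
    """Return the raw header block read from `conn`, or raise SlowClient.
    The budget covers the whole block, not each recv(), so a client that
    sends one byte every few seconds still runs out of time."""
    deadline = time.monotonic() + deadline_seconds
    buf = bytearray()
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            raise SlowClient("request headers not complete within deadline")
        conn.settimeout(remaining)  # never block past the overall deadline
        try:
            chunk = conn.recv(4096)
        except socket.timeout:
            raise SlowClient("request headers not complete within deadline")
        if not chunk:
            raise SlowClient("client closed before completing headers")
        buf += chunk
        if len(buf) > MAX_HEADER_BYTES:
            raise SlowClient("request headers exceed size limit")
        end = buf.find(HEADER_END)
        if end != -1:
            return bytes(buf[:end])

def simulate(request_bytes, deadline_seconds):
    """Feed bytes to the reader over a socketpair; the client side then stalls
    without closing, which is what a partial request looks like server-side."""
    server_side, client_side = socket.socketpair()
    try:
        client_side.sendall(request_bytes)
        try:
            return ("ok", read_request_headers(server_side, deadline_seconds))
        except SlowClient as err:
            return ("rejected", str(err))
    finally:
        server_side.close()
        client_side.close()
```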


Attachments (1)

tor.PNG (66.9 KB) - added by gk 3 years ago.


Change History (4)

Changed 3 years ago by gk

Attachment: tor.PNG added

comment:1 Changed 3 years ago by gk

This got reported by joelisto.

comment:2 Changed 3 years ago by dcf

BTW http-slowloris-check is an Nmap script. You can try to reproduce it yourself using this command. When I tried it just now, it didn't detect any vulnerability, even against the same IP address as in attachment:tor.PNG,

$ nmap -p 80,443 --script http-slowloris-check

Starting Nmap 7.60 ( ) at 2017-09-15 08:22 PDT
Nmap scan report for (
Host is up (0.18s latency).
Other addresses for (not scanned): 2001:41b8:202:deb:213:21ff:fe20:1426 2001:6b0:5a:5000::5 2620:0:6b0:b:1a1a:0:26e5:4810 2a01:4f8:172:1b46:0:abba:5:1
rDNS record for

80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 24.16 seconds

You can see what the script is doing in its source code: You can get more debugging output using the -d option, like [http-slowloris-check] Time difference is: 0.

comment:3 in reply to: 2 Changed 3 years ago by weasel

Resolution: worksforme
Status: new → closed

Replying to dcf:

When I tried it just now, it didn't detect any vulnerability

In that case, closing.
