Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Denial of service whith ACME HTTPChallenge in Traefik
Vulnerability Description
Traefik is an open source HTTP reverse proxy and load balancer. When Traefik is configured to use the `HTTPChallenge` to generate and renew the Let's Encrypt TLS certificates, the delay authorized to solve the challenge (50 seconds) can be exploited by attackers to achieve a `slowloris attack`. This vulnerability has been patch in version 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. Users unable to upgrade should replace the `HTTPChallenge` with the `TLSChallenge` or the `DNSChallenge`.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
对已超过有效生命周期的资源丧失索引
Vulnerability Title
Containous Traefik 安全漏洞
Vulnerability Description
Containous Traefik是美国Containous公司的一款反向代理和负载平衡器。 Traefik v2.10.5及之前、 v3.0.0-beta4及之前版本存在安全漏洞,该漏洞源于当 Traefik 配置为使用HTTPChallenge生成和更新证书时,攻击者利用该漏洞可以进行Slowloris攻击。
CVSS Information
N/A
Vulnerability Type
N/A