Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Possible denial of service vulnerability with Content-length header in Traefik
Vulnerability Description
Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of service. This vulnerability has been addressed in version 2.11.2 and 3.0.0-rc5. Users are advised to upgrade. For affected versions, this vulnerability can be mitigated by configuring the readTimeout option.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
对异常条件的处理不恰当
Vulnerability Title
Containous Traefik 安全漏洞
Vulnerability Description
Containous Traefik是美国Containous公司的一款反向代理和负载平衡器。 Containous Traefik存在安全漏洞,该漏洞源于Content-length标头存在拒绝服务(DOS)漏洞。受影响的产品和版本:Traefik v2.11.0及之前版本,v3.0.0-rc3及之前版本。
CVSS Information
N/A
Vulnerability Type
N/A