Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-47124

Published: 04/12/2023 Updated: 07/12/2023
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 0
Subscribe to Traefik

Vulnerability Summary

Traefik is an open source HTTP reverse proxy and load balancer. When Traefik is configured to use the `HTTPChallenge` to generate and renew the Let's Encrypt TLS certificates, the delay authorized to solve the challenge (50 seconds) can be exploited by malicious users to achieve a `slowloris attack`. This vulnerability has been patch in version 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. Users unable to upgrade should replace the `HTTPChallenge` with the `TLSChallenge` or the `DNSChallenge`.

Vulnerable Product Search on Vulmon Subscribe to Product

traefik traefik 3.0.0

traefik traefik

References

CWE-772https://github.com/traefik/traefik/security/advisories/GHSA-8g85-whqh-cr2fhttps://doc.traefik.io/traefik/https/acme/#dnschallengehttps://doc.traefik.io/traefik/https/acme/#httpchallengehttps://doc.traefik.io/traefik/https/acme/#tlschallengehttps://github.com/traefik/traefik/releases/tag/v2.10.6https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5ttps://www.cloudflare.com/learning/ddos/ddos-attack-tools/slowloris/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925CVE-2023-41826LFICVE-2022-22364CVE-2024-2887command injectionremote code executionCVE-2024-34446CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook