Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-28869

Published: 12/04/2024 Updated: 15/04/2024

Vulnerability Summary

Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by malicious users to induce a denial of service. This vulnerability has been addressed in version 2.11.2 and 3.0.0-rc5. Users are advised to upgrade. For affected versions, this vulnerability can be mitigated by configuring the readTimeout option.

References

https://github.com/traefik/traefik/security/advisories/GHSA-4vwx-54mw-vqfwhttps://github.com/traefik/traefik/commit/240b83b77351dfd8cadb91c305b84e9d22e0f9c6https://doc.traefik.io/traefik/routing/entrypoints/#respondingtimeoutshttps://github.com/traefik/traefik/releases/tag/v2.11.2https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4644unprivilegedCVE-2024-3494CVE-2024-22460CVE-2024-26026CVE-2024-23473firewallCVE-2024-28889XML external entity
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook