Description
Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of service. This vulnerability has been addressed in version 2.11.2 and 3.0.0-rc5. Users are advised to upgrade. For affected versions, this vulnerability can be mitigated by configuring the readTimeout option.
INFO
Published Date :
2024-04-12T21:08:36.288Z
Last Modified :
2024-08-02T00:56:58.412Z
Source :
GitHub_M
AFFECTED PRODUCTS
The following products are affected by CVE-2024-28869 vulnerability.
| Vendors | Products |
|---|---|
| Traefik |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2024-28869.
CVSS Vulnerability Scoring System
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact