Description

Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of service. This vulnerability has been addressed in version 2.11.2 and 3.0.0-rc5. Users are advised to upgrade. For affected versions, this vulnerability can be mitigated by configuring the readTimeout option.

INFO

Published Date :

2024-04-12T21:08:36.288Z

Last Modified :

2024-08-02T00:56:58.412Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-28869 vulnerability.

Vendors Products
Traefik
  • Traefik

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact