History: Apr 12, 2024 - 9:08 p.m.

CVE-2024-28869 Possible denial of service vulnerability with Content-length header in Traefik

2024-04-12 21:08:36
CWE-755
GitHub_M
raw.githubusercontent.com
traefik
http reverse proxy
load balancer
denial of service
content-length
vulnerability
exploit
upgrade
configuration
readtimeout

AI Score: 6.2 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 14.6%)

Traefik is an HTTP reverse proxy and load balancer. In affected versions, sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration. Attackers can exploit this vulnerability to induce a denial of service. This vulnerability has been addressed in versions 2.11.2 and 3.0.0-rc5. Users are advised to upgrade. For affected versions, this vulnerability can be mitigated by configuring the readTimeout option.
