3 matches found
Security Bulletin: Consul’s event endpoint is vulnerable to denial of service
Summary: Consul and Consul Enterprise’s “Consul” event endpoint is vulnerable to denial of service (DoS) due to the lack of a maximum value on the Content-Length header. Vulnerability Details: CVEID: CVE-2025-11375 DESCRIPTION: Consul and Consul Enterprise’s “Consul” event endpoint is vulnerable to denial ...
CVE-2025-11375 Consul's event endpoint is vulnerable to denial of service
Consul and Consul Enterprise’s “Consul” event endpoint is vulnerable to denial of service (DoS) due to the lack of a maximum value on the Content-Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12...
The vulnerability of the Consul Community Edition and Consul Enterprise configuration tools lies in their failure to remove HTTP headers from script syntax, allowing attackers to gain access to confidential information.
The vulnerability of the Consul service configuration tool lies in the lack of measures taken to neutralize HTTP headers in script syntax. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to confidential information through a specially crafted HTTP reques...