6 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-3909
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. Specifically, the...
[SECURITY] [DSA 5041-1] cfrpki security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5041-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 11, 2022 https://www.debian.org/security/faq -...
[SECURITY] [DSA 5033-1] fort-validator security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5033-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 30, 2021 https://www.debian.org/security/faq -...
CVE-2021-3909
OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. Specifically, the repository that OctoRPKI sends HTTP requests to will keep the connection open for a day before a response is returned, but does keep drip...
CVE-2021-3909
CVE-2021-3909 affects OctoRPKI: the vulnerable component does not bound connection length, enabling a slowloris-style DOS where the target repository keeps the HTTP connection open (up to about a day) while drip-feeding data. This can cause the OctoRPKI service to hang, impacting availability. Co...
CVE-2021-3909 Infinite open connection causes OctoRPKI to hang forever
OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. Specifically, the repository that OctoRPKI sends HTTP requests to will keep the connection open for a day before a response is returned, but does keep drip...