6 matches found
Denial of Service (DoS)
github.com/ctfer-io/chall-manager is vulnerable to Denial of Service (DoS). The vulnerability is due to the HTTP Gateway accepting headers indefinitely, enabling Slowloris attacks without requiring authentication or authorization...
CVE-2023-36461
Mastodon is a free, open-source social network server based on ActivityPub. When performing outgoing HTTP queries, Mastodon sets a timeout on individual read operations. Prior to versions 3.5.9, 4.0.5, and 4.1.3, a malicious server can indefinitely extend the duration of the response through...
PT-2023-6913 · IBM · IBM TXSeries for Multiplatforms
Name of the Vulnerable Software and Affected Versions: IBM TXSeries for Multiplatforms versions 8.1 through 9.1
Description: The issue is related to a denial of service caused by improper enforcement of the timeout on individual read operations. A remote attacker could exploit this by conducting...
PT-2023-7361 · Mastodon · Mastodon
Name of the Vulnerable Software and Affected Versions: Mastodon versions prior to 3.5.9; Mastodon versions prior to 4.0.5; Mastodon versions prior to 4.1.3
Description: The issue is related to Mastodon's handling of outgoing HTTP queries, where a timeout is set on individual read operations. A...
CVE-2022-39158
CVE-2022-39158 affects Siemens RuggedCom ROS/ROS-based devices (e.g., i800, i801, i802, i803, RMC8388, RP110, RS1600/RS400 variants, RSG family, RSL/RST series, etc.). Root cause: improper handling of partial HTTP requests, enabling a Slowloris-style denial of service that can persist until the a...
Node.js: Denial of Service by resource exhaustion (CWE-400) due to unfinished HTTP/1.1 requests
Summary: Node.js is vulnerable to HTTP denial of service (DoS) attacks based on delayed request submission, which can make the server unable to accept new connections. Description: An attacker can open an arbitrary number of HTTP connections and keep the server busy by never completing the request...