5 matches found
SUSE CVE-2023-47124
Traefik is an open source HTTP reverse proxy and load balancer. When Traefik is configured to use the HTTPChallenge to generate and renew the Let's Encrypt TLS certificates, the delay authorized to solve the challenge 50 seconds can be exploited by attackers to achieve a slowloris attack. This...
GHSA-8G85-WHQH-CR2F Traefik vulnerable to potential DDoS via ACME HTTPChallenge
Impact There is a potential vulnerability in Traefik managing the ACME HTTP challenge. When Traefik is configured to use the HTTPChallenge to generate and renew the Let's Encrypt TLS certificates, the delay authorized to solve the challenge 50 seconds can be exploited by attackers slowloris attac...
Traefik vulnerable to potential DDoS via ACME HTTPChallenge
Impact There is a potential vulnerability in Traefik managing the ACME HTTP challenge. When Traefik is configured to use the HTTPChallenge to generate and renew the Let's Encrypt TLS certificates, the delay authorized to solve the challenge 50 seconds can be exploited by attackers slowloris attac...
CVE-2023-47124
Traefik is an open source HTTP reverse proxy and load balancer. When Traefik is configured to use the HTTPChallenge to generate and renew the Let's Encrypt TLS certificates, the delay authorized to solve the challenge 50 seconds can be exploited by attackers to achieve a slowloris attack. This...
CVE-2023-47124
CVE-2023-47124 describes a DoS vector in Traefik when using HTTPChallenge to obtain/renew Let’s Encrypt TLS certificates: the 50-second delay allowed solving the challenge can be abused for a slowloris-style attack. Public details in the initial document specify impacts as a server availability r...