PT-2023-30327 · Traefik+1 · Traefik+1

Mikaelgundersen · Published 2023-12-04 · Updated 2024-11-19 · CVE-2023-47124

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Traefik versions prior to 2.10.6
Traefik versions prior to 3.0.0-beta5

Description

The issue arises when Traefik is configured to use the HTTPChallenge to generate and renew Let's Encrypt TLS certificates. Attackers can exploit the time allowed for solving the challenge to carry out a slowloris attack.

Recommendations

For versions prior to 2.10.6, upgrade to version 2.10.6 or later.
For versions prior to 3.0.0-beta5, upgrade to version 3.0.0-beta5 or later.
As a temporary workaround, consider replacing the HTTPChallenge with the TLSChallenge or the DNSChallenge until a patch is applied.
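
The workaround described above, as an added configuration sketch (not taken from the advisory or from the Traefik project): a Traefik static configuration showing an ACME resolver that uses the HTTP challenge next to the two alternatives named in the recommendation. The resolver names, e-mail address, storage paths and DNS provider value are constructed placeholders.

```yaml
# traefik.yml (static configuration); all names and paths are placeholders.
entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"

certificatesResolvers:
  # Affected setup: certificates are issued and renewed through the
  # HTTP challenge, the configuration the advisory describes.
  le-http:
    acme:
      email: admin@example.com
      storage: /data/acme-http.json
      httpChallenge:
        entryPoint: web

  # Workaround option 1: TLS challenge (TLS-ALPN-01).
  # Requires port 443 of this Traefik instance to be reachable
  # by Let's Encrypt.
  le-tls:
    acme:
      email: admin@example.com
      storage: /data/acme-tls.json
      tlsChallenge: {}

  # Workaround option 2: DNS challenge (DNS-01).
  # Needs a supported DNS provider code and that provider's
  # credentials in the environment; the value below is a placeholder.
  le-dns:
    acme:
      email: admin@example.com
      storage: /data/acme-dns.json
      dnsChallenge:
        provider: YOUR_DNS_PROVIDER

# After choosing one option, point each router at it, for example with
# the label traefik.http.routers.<router>.tls.certresolver=le-tls,
# and remove the le-http resolver so no router can fall back to it.
```

To audit an existing deployment, search the static configuration, CLI flags and environment for `httpChallenge` and confirm that no router still references a resolver that uses it.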

Exploit

Fix

Resource Exhaustion

Missing Release of Resource after Effective Lifetime

Weakness Enumeration

Related identifiers

ALT-PU-2024-12000
ALT-PU-2024-1254
ALT-PU-2024-1883
ALT-PU-2024-6626
CVE-2023-47124
ECHO-6D34-77D3-0A22
GHSA-8G85-WHQH-CR2F
GO-2023-2381
OPENSUSE-SU-2024:13506-1
OPENSUSE-SU-2024:14076-1

Affected products

Alt Linux
Traefik