Описание
H2O Vulnerable to Denial of Service (DoS) via HEAD Request
A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46.0 allows for a denial of service. The endpoint performs a HEAD request to verify the existence of a specified resource without setting a timeout. An attacker can exploit this by sending multiple requests to an attacker-controlled server that hangs, causing the application to block and become unresponsive to other requests.
Пакеты
h2o
>= 3.2.0.1, <= 3.46.0
Отсутствует
ai.h2o:h2o-core
>= 3.2.0.1, <= 3.46.0
Отсутствует
Связанные уязвимости
A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46.0 allows for a denial of service. The endpoint performs a `HEAD` request to verify the existence of a specified resource without setting a timeout. An attacker can exploit this by sending multiple requests to an attacker-controlled server that hangs, causing the application to block and become unresponsive to other requests.