exploitDog

GHSA-8cvr-4rrf-f244

Published: 10 Nov 2021
Source: github
GitHub: reviewed
CVSS3: 4.4

Description

Infinite open connection causes OctoRPKI to hang forever

OctoRPKI (github.com/cloudflare/cfrpki/cmd/octorpki) does not bound the total duration of an HTTP connection, so a malicious or misbehaving RPKI repository can mount a slowloris-style DoS that makes OctoRPKI wait forever. Specifically, the repository that OctoRPKI sends HTTP requests to can hold the connection open for a day before returning a response while drip-feeding new bytes, so the connection is never idle and nothing on the client side gives up.
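The drip-feed pattern described above, as an added example in Go (this is not cfrpki's code and does not claim to reproduce the 1.4.0 fix): a constructed test server that answers the headers immediately and then trickles one byte at a time forever, a client that mirrors the unsafe pattern of per-phase timeouts with no bound on the whole exchange, and a client that puts a single context deadline over the entire fetch. The names dripHandler, fetchNoDeadline, hangsWithoutDeadline and fetchWithDeadline, the 300 ms deadline and the 1 MiB body cap are this example's own choices.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"time"
)

// dripHandler is a constructed stand-in for a hostile repository: it answers the headers
// at once, then flushes one byte every interval for as long as the client stays connected
// and never finishes the body, so the connection is never idle.
func dripHandler(interval time.Duration) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusOK)
		for {
			if _, err := w.Write([]byte("x")); err != nil {
				return // client went away
			}
			w.(http.Flusher).Flush()
			time.Sleep(interval)
		}
	})
}

// fetchNoDeadline is the unsafe pattern: per-phase timeouts but no bound on the whole
// exchange. Headers arrive promptly, so ResponseHeaderTimeout never fires, and the trickle
// of body bytes keeps the connection from ever looking idle; io.ReadAll blocks indefinitely.
func fetchNoDeadline(url string) ([]byte, error) {
	client := &http.Client{Transport: &http.Transport{
		ResponseHeaderTimeout: 5 * time.Second,
		IdleConnTimeout:       5 * time.Second,
	}}
	resp, err := client.Get(url)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	return io.ReadAll(resp.Body)
}

// hangsWithoutDeadline reports whether fetchNoDeadline is still blocked after wait.
// The goroutine it starts stays parked until the server drops the connection.
func hangsWithoutDeadline(url string, wait time.Duration) bool {
	done := make(chan struct{})
	go func() {
		_, _ = fetchNoDeadline(url)
		close(done)
	}()
	select {
	case <-done:
		return false
	case <-time.After(wait):
		return true
	}
}

// fetchWithDeadline is the hardened pattern: a single context deadline covers dial,
// headers and the whole body read, and a byte cap (an extra safeguard beyond what the
// advisory discusses) stops a fast but endless body from exhausting memory.
func fetchWithDeadline(url string, maxDuration time.Duration, maxBytes int64) ([]byte, error) {
	ctx, cancel := context.WithTimeout(context.Background(), maxDuration)
	defer cancel()
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
	if err != nil {
		return nil, err
	}
	resp, err := (&http.Client{}).Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(io.LimitReader(resp.Body, maxBytes+1))
	if err != nil {
		if ctx.Err() != nil { // deadline hit mid-body: report it as such
			return nil, fmt.Errorf("fetch %s: deadline %v exceeded: %w", url, maxDuration, ctx.Err())
		}
		return nil, err
	}
	if int64(len(body)) > maxBytes {
		return nil, fmt.Errorf("fetch %s: body exceeds %d bytes", url, maxBytes)
	}
	return body, nil
}

func main() {
	srv := httptest.NewServer(dripHandler(20 * time.Millisecond))
	defer srv.Close()
	defer srv.CloseClientConnections() // runs first, unblocking the parked goroutine so Close can return

	fmt.Println("unbounded fetch still blocked after 300ms:", hangsWithoutDeadline(srv.URL, 300*time.Millisecond))
	_, err := fetchWithDeadline(srv.URL, 300*time.Millisecond, 1<<20)
	fmt.Println("bounded fetch:", err, "| deadline exceeded:", errors.Is(err, context.DeadlineExceeded))
}
```

Setting http.Client.Timeout achieves the same end-to-end bound in one field; the context form is shown because it also lets a caller tie the fetch to its own cancellation. The practitioner's check is the one the unbounded client fails: neither a header timeout nor an idle timeout protects against a peer that keeps sending one byte at a time.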

Patches

Fixed in github.com/cloudflare/cfrpki 1.4.0 (see the Packages table below).

For more information

If you have any questions or comments about this advisory email us at security@cloudflare.com

Packages

Name                            Ecosystem   Affected versions   Fixed version
github.com/cloudflare/cfrpki    go          < 1.4.0             1.4.0

EPSS

Percentile: 72%
Score: 0.00735
Low

CVSS3

4.4 Medium

Weaknesses

CWE-400 (Uncontrolled Resource Consumption)

Related vulnerabilities

ubuntu, CVSS3: 4.4, about 4 years ago

OctoRPKI does not limit the length of a connection, allowing for a slowloris DoS attack to take place which makes OctoRPKI wait forever. Specifically, the repository that OctoRPKI sends HTTP requests to will keep the connection open for a day before a response is returned, but does keep drip feeding new bytes to keep the connection alive.

nvd, CVSS3: 4.4, about 4 years ago

(same description as the ubuntu entry)

debian, CVSS3: 4.4, about 4 years ago

OctoRPKI does not limit the length of a connection, allowing for a slo ...
