漏洞标题
N/A
漏洞描述信息
预构建的Apache流量控制项目的路由组件可能受到S slowloris style 拒绝服务攻击的侵害。在配置的DNS端口上发起的TCP连接将在客户端显式关闭连接或路由器重新运行之前一直处于连接状态。如果连接在无限时间内保持在连接状态并累积数量以匹配处理DNS请求的线程池大小,线程池将耗尽。一旦线程池耗尽,路由器就无法处理任何DNS请求,无论使用何种传输协议。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly closes the connection or Traffic Router is restarted. If connections remain in the ESTABLISHED state indefinitely and accumulate in number to match the size of the thread pool dedicated to processing DNS requests, the thread pool becomes exhausted. Once the thread pool is exhausted, Traffic Router is unable to service any DNS request, regardless of transport protocol.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Apache Traffic Control 安全漏洞
漏洞描述信息
Apache Traffic Control是美国阿帕奇(Apache)软件基金会的一款高效、可扩展的内容分发网络控制器。 Apache Traffic Control 1.8.0版本和2.0.0 RC0版本中存在拒绝服务漏洞。攻击者可利用该漏洞造成拒绝服务。
CVSS信息
N/A
漏洞类别
资源管理错误