Traefik HTTP/2 Denial-of-Service Vulnerability

0
52

Traefik HTTP/2 Denial-of-Service Vulnerability

Traefik HTTP/2 Denial-of-Service Vulnerability

Summary

This article provides a detailed technical explanation of the CVE-2023-54365 vulnerability in Traefik, which affects versions 2.10.5 and 3.0.0-beta4. The vulnerability allows remote attackers to rapidly create and cancel HTTP/2 streams, exhausting server resources and causing service unavailability.

What the vulnerability/exploit is about

Traefik before version 2.10.5 and 3.0.0-beta4 contains a denial-of-service vulnerability in its HTTP/2 request handling mechanism. This vulnerability arises from the Go standard library's implementation of HTTP/2, which can be exploited by attackers to rapidly create and cancel HTTP/2 streams.

Technical explanation for defenders

The vulnerability stems from how Traefik handles HTTP/2 requests. When a large number of HTTP/2 streams are created and then canceled rapidly, it exhausts server resources, leading to service unavailability. The Go standard library does not properly handle the cancellation of HTTP/2 streams, allowing attackers to create a large number of streams and then cancel them, causing the server to become unresponsive.

Suche
Kategorien
Mehr lesen
Andere
TITLU: Vulnerabilitatea CVE-2026-12866 - Detalii CVSS, EPSS și CISA Kev | CVE Find (Romaian)
TITLU: Vulnerabilitatea CVE-2026-12866 - Detalii CVSS, EPSS și CISA Kev | CVE...
Von Mario Serrano 2026-06-30 06:32:10 0 10
Cybersecurity
Titre (en français)
Titre (en fran├ºais)R├®sum├® (en fran├ºais)Le vuln├®rabilit├® CVE-2026-12866 concerne le package...
Von Mario Serrano 2026-06-30 05:08:21 0 13
Cybersecurity
Traefik HTTP/2 Denial-of-Service Vulnerability
Traefik HTTP/2 Denial-of-Service VulnerabilityTraefik HTTP/2 Denial-of-Service...
Von Mario Serrano 2026-06-30 11:56:34 0 53
Andere
Calculadora Científica Java: Operaciones y Registro de Resultados
Calculadora Científica JavaEsta calculadora científica desarrollada en Java permite realizar...
Von Mario Serrano 2026-06-30 03:38:22 0 114
Cybersecurity
Titre (en français)
Titre (en fran├ºais)R├®sum├® (en fran├ºais)Qu'est-ce que la vuln├®rabilit├® / l'exploit...
Von Mario Serrano 2026-06-30 05:10:34 0 11