Traefik HTTP/2 Denial-of-Service Vulnerability

0
62

Traefik HTTP/2 Denial-of-Service Vulnerability

Traefik HTTP/2 Denial-of-Service Vulnerability

Summary

This article provides a detailed technical explanation of the CVE-2023-54365 vulnerability in Traefik, which affects versions 2.10.5 and 3.0.0-beta4. The vulnerability allows remote attackers to rapidly create and cancel HTTP/2 streams, exhausting server resources and causing service unavailability.

What the vulnerability/exploit is about

Traefik before version 2.10.5 and 3.0.0-beta4 contains a denial-of-service vulnerability in its HTTP/2 request handling mechanism. This vulnerability arises from the Go standard library's implementation of HTTP/2, which can be exploited by attackers to rapidly create and cancel HTTP/2 streams.

Technical explanation for defenders

The vulnerability stems from how Traefik handles HTTP/2 requests. When a large number of HTTP/2 streams are created and then canceled rapidly, it exhausts server resources, leading to service unavailability. The Go standard library does not properly handle the cancellation of HTTP/2 streams, allowing attackers to create a large number of streams and then cancel them, causing the server to become unresponsive.

Buscar
Categorías
Leer más
Ciberseguridad
Open VSX Registry Vulnerability Allows Stored XSS and Session Hijacking
Open VSX Registry Vulnerability Allows Stored XSS and Session HijackingSummaryOpen VSX Registry...
Por Mario Serrano 2026-06-30 10:26:33 0 108
Otro
Titel (in Dutch) (Dutch)
Titel (in Dutch)Samenvatting (in Dutch)Het artikel beschrijft een belangrijk cijfer in de...
Por Mario Serrano 2026-06-30 06:06:56 0 10
Ciberseguridad
ðùð░ð│ð¥ð╗ð¥ð▓ð¥ð║ (ðúð║ÐÇð░Ðùð¢ÐüÐîð║ð¥ÐÄ ð╝ð¥ð▓ð¥ÐÄ)
ðùð░ð│ð¥ð╗ð¥ð▓ð¥ð║ (ðúð║ÐÇð░Ðùð¢ÐüÐîð║ð¥ÐÄ ð╝ð¥ð▓ð¥ÐÄ)ðíÐâð╝ð░ÐÇð¢ð©ð╣ ð¥ð│ð╗ÐÅð┤...
Por Mario Serrano 2026-06-30 16:20:17 0 10
Ciberseguridad
Traefik HTTP/2 Denial-of-Service Vulnerability
Traefik HTTP/2 Denial-of-Service VulnerabilityTraefik HTTP/2 Denial-of-Service...
Por Mario Serrano 2026-06-30 11:56:34 0 63
Ciberseguridad
CVE-2026-4983 - Detalle CVSS, EPSS y CISA Kev | CVE Find (Bengali)
ÓªÂÓºüÓªºÓºüÓª«Óª¥ÓªñÓºìÓª░ Óª¬ÓºìÓª░ÓªñÓª┐ÓªÀÓºìÓªáÓª¥Óª¿ÓºçÓª░ Óª©Óª¥ÓªÑÓºç Óª»ÓºïÓªùÓª¥Óª»Óª╝...
Por Mario Serrano 2026-06-30 17:22:14 0 56