Improper Handling of Exceptional Conditions
CVE-2024-28869
Summary
Traefik is an HTTP reverse proxy and load balancer. In affected versions, sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration. Attackers can exploit this vulnerability to cause a Denial of Service (DoS). Users are advised to upgrade. For affected versions, this vulnerability can be mitigated by configuring the "readTimeout" option. This issue affects github.com/traefik/traefik versions through 2.11.1, github.com/traefik/traefik/v2 versions through 2.11.1 and github.com/traefik/traefik/v3 versions 3.0.0-beta3 through 3.0.0-rc4.
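An added example, not part of the advisory or of Traefik's own code: a small audit that reads Traefik static-configuration CLI flags and reports entry points whose "readTimeout" is unset or zero. It assumes an affected version (where, per the summary, the default configuration hangs), flags written as `--flag=value`, and the option path `entryPoints.<name>.transport.respondingTimeouts.readTimeout`; the function names and sample flags are constructed for illustration.

```python
import re

# Go-style duration units accepted by Traefik ("60s", "1m30s", "500ms").
_UNITS = {"ns": 1e-9, "us": 1e-6, "ms": 1e-3, "s": 1, "m": 60, "h": 3600}
_PART = re.compile(r"(\d+(?:\.\d+)?)(ns|us|ms|s|m|h)")
# Traefik CLI flags are matched case-insensitively here.
_FLAG = re.compile(r"^--entrypoints\.([^.=]+)\.([^=]+)=(.*)$", re.IGNORECASE)
_READ_TIMEOUT = "transport.respondingtimeouts.readtimeout"


def seconds(value):
    """Convert a duration to seconds; bare digits are taken as seconds."""
    value = value.strip().strip('"')
    if re.fullmatch(r"\d+", value):
        return float(value)
    parts = _PART.findall(value)
    if not parts or "".join(n + u for n, u in parts) != value:
        raise ValueError(f"unparseable duration: {value!r}")
    return sum(float(n) * _UNITS[u] for n, u in parts)


def audit(args):
    """Map each entry point name to 'ok' or 'unbounded'."""
    timeouts = {}
    for arg in args:
        m = _FLAG.match(arg)
        if not m:
            continue
        name, option = m.group(1).lower(), m.group(2).lower()
        timeouts.setdefault(name, None)  # seen, no readTimeout yet
        if option == _READ_TIMEOUT:
            timeouts[name] = seconds(m.group(3))
    # Assumption: on affected versions an unset or zero value means no timeout.
    return {n: "ok" if t else "unbounded" for n, t in timeouts.items()}


# Constructed sample flags, not taken from any real deployment.
SAMPLE_ARGS = [
    "--entryPoints.web.address=:80",
    "--entryPoints.websecure.address=:443",
    "--entryPoints.websecure.transport.respondingTimeouts.readTimeout=60s",
    "--entryPoints.metrics.address=:8082",
    "--entryPoints.metrics.transport.respondingTimeouts.readTimeout=0",
]

if __name__ == "__main__":
    for name, status in audit(SAMPLE_ARGS).items():
        print(f"{name}: {status}")
```

Entry points reported as "unbounded" are the ones to give a non-zero "readTimeout" until the upgrade is in place.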
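- Attack Complexity: LOW
- Attack Vector: NETWORK
- Privileges Required: NONE
- Scope: UNCHANGED
- User Interaction: NONE
- Confidentiality: NONE
- Integrity: NONE
- Availability: HIGH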
CWE-755 - Improper Handling of Exceptional Conditions
The software does not handle or incorrectly handles an exceptional condition.