Improper Handling of Exceptional Conditions

CVE-2024-28869

Severity High
Score 7.5/10

Summary

Traefik is an HTTP reverse proxy and load balancer. In affected versions, sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration. Attackers can exploit this vulnerability to cause a Denial of Service (DoS). Users are advised to upgrade. For affected versions, this vulnerability can be mitigated by configuring the "readTimeout" option. This issue affects github.com/traefik/traefik versions through 2.11.1, github.com/traefik/traefik/v2 versions through 2.11.1 and github.com/traefik/traefik/v3 versions 3.0.0-beta3 through 3.0.0-rc4.
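The affected ranges above can be turned into a dependency check. The following is an added example, not code from this advisory or from the Traefik project. The names `Affected` and `key` are hypothetical, the sample input is constructed, and only plain `x.y.z`, `x.y.z-labelN` and `+incompatible` versions are handled; anything else (such as a pseudo-version) is reported as unsupported.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// Inclusive ranges copied from the advisory text; "0.0.0" stands for "no lower bound".
var ranges = map[string][2]string{
	"github.com/traefik/traefik":    {"0.0.0", "2.11.1"},
	"github.com/traefik/traefik/v2": {"0.0.0", "2.11.1"},
	"github.com/traefik/traefik/v3": {"3.0.0-beta3", "3.0.0-rc4"},
}

var verRe = regexp.MustCompile(`^v?(\d+)\.(\d+)\.(\d+)(?:-([a-z]+)(\d+))?(?:\+incompatible)?$`)

// key maps a version to a string whose byte order matches release order; "" if unparsed.
// A final release gets the label "~", which sorts after "beta" and "rc".
func key(s string) string {
	m := verRe.FindStringSubmatch(s)
	if m == nil {
		return ""
	}
	var n [4]int
	for i, f := range []string{m[1], m[2], m[3], m[5]} {
		n[i], _ = strconv.Atoi(f) // an absent pre-release number stays 0
	}
	pre := m[4]
	if pre == "" {
		pre = "~"
	}
	return fmt.Sprintf("%06d.%06d.%06d.%s.%06d", n[0], n[1], n[2], pre, n[3])
}

// Affected reports whether module@version lies inside the advisory's ranges.
func Affected(module, version string) (bool, error) {
	r, listed := ranges[module]
	if !listed {
		return false, nil
	}
	v := key(version)
	if v == "" {
		return false, fmt.Errorf("unsupported version %q", version)
	}
	return v >= key(r[0]) && v <= key(r[1]), nil
}

// Constructed sample requirement, not taken from a real go.mod.
func main() { fmt.Println(Affected("github.com/traefik/traefik/v3", "v3.0.0-rc4")) }
```

A version that falls inside a range still needs its configuration checked, because the "readTimeout" mitigation lives in the deployment rather than in the module version.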

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-755 - Improper Handling of Exceptional Conditions

The software does not handle or incorrectly handles an exceptional condition.

Advisory Timeline

  • Published