CVE-2023-47124
published 2023-12-04


Priority: P4 29 | Severity: medium 5.9 (CVSS 3.1)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.79% (51.7th percentile)

Traefik is an open source HTTP reverse proxy and load balancer. When Traefik is configured to use the `HTTPChallenge` to generate and renew Let's Encrypt TLS certificates, the delay allowed for solving the challenge (50 seconds) can be exploited by attackers to carry out a `slowloris attack`. This vulnerability has been patched in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. Users unable to upgrade should replace the `HTTPChallenge` with the `TLSChallenge` or the `DNSChallenge`.
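
The workaround described above, shown as a Traefik static configuration fragment. This is an added example, not taken from the advisory or the Traefik project; the resolver names, e-mail address, storage paths, entry point names and DNS provider value are placeholders.

```yaml
# Constructed traefik.yml fragment for illustration; all names are placeholders.
entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"

certificatesResolvers:
  # BEFORE: resolver using the HTTP-01 challenge. On versions below
  # 2.10.6 / 3.0.0-beta5 this is the configuration the advisory covers.
  le-http:
    acme:
      email: admin@example.com
      storage: /data/acme-http.json
      httpChallenge:
        entryPoint: web

  # AFTER (option 1): TLS-ALPN-01 challenge. Requires that Let's Encrypt
  # can reach Traefik on port 443.
  le-tls:
    acme:
      email: admin@example.com
      storage: /data/acme-tls.json
      tlsChallenge: {}

  # AFTER (option 2): DNS-01 challenge. The provider value and its
  # credentials (supplied via environment variables) depend on the DNS host.
  le-dns:
    acme:
      email: admin@example.com
      storage: /data/acme-dns.json
      dnsChallenge:
        provider: your-dns-provider  # placeholder, not a real provider code
```

Routers that referenced the HTTP-challenge resolver through `tls.certResolver` need to point at the replacement resolver, and the `httpChallenge` resolver should then be removed rather than left defined alongside it.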

Affected

6 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | traefik_traefik_v2 | >= 0 < 2.10.6 | 2.10.6 |
| github.com | traefik_traefik_v3 | >= 0 < 3.0.0-beta5 | 3.0.0-beta5 |
| traefik | traefik | < 2.10.6 | 2.10.6 |
| traefik | traefik | <= 2.10.5 | |
| traefik | traefik | | |
| traefik | traefik | | |