CVE-2024-28869
Published 2024-04-12
CVE-2024-28869: Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the "Content-length" request header…
Priority P3 · 43 · high · 7.5 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.05% (59.9th percentile)
Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of service. This vulnerability has been addressed in version 2.11.2 and 3.0.0-rc5. Users are advised to upgrade. For affected versions, this vulnerability can be mitigated by configuring the readTimeout option.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | traefik_traefik | >= 0 < 2.11.2 | 2.11.2 |
| github.com | traefik_traefik_v2 | >= 0 < 2.11.2 | 2.11.2 |
| github.com | traefik_traefik_v3 | >= 3.0.0-beta3 < 3.0.0-rc5 | 3.0.0-rc5 |
| traefik | traefik | < 2.11.2 | 2.11.2 |
| traefik | traefik | — | — |
| traefik | traefik | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| vendor_redhat | — | 7.5 | HIGH | — |
OSV
Traefik vulnerable to denial of service with Content-length header in github.com/traefik/traefik
osv · 2024-06-05
CVE-2024-28869
OSV
Traefik vulnerable to denial of service with Content-length header
osv · 2024-04-12
CVE-2024-28869 [HIGH]
There is a potential vulnerability in Traefik managing requests with `Content-length` and no `body`.
Sending a `GET` request to any Traefik endpoint with the `Content-length` request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of service.
## Patches
- https://github.com/traefik/traefik/releases/tag/v2.11.2
- https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5
## Workarounds
For affected versions, this vulnerability can be mitigated by configuring the [readTimeout](https://doc.traefik.io/traefik/routing/entrypoints/#respondingtimeouts) option.
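An added illustration, not part of the advisory or of Traefik's own documentation: a Traefik static configuration (YAML) showing an entry point with no responding timeouts next to the same entry point with the readTimeout workaround applied. The entry point name, address and the 60-second value are assumptions; pick a value that fits your slowest legitimate clients.

```yaml
# Added example (not from the advisory): Traefik static configuration.
# Document 1: weak. No respondingTimeouts block, so an affected release waits
# indefinitely for a request that announces a Content-Length but sends no body,
# and that connection stays occupied until the client goes away.
entryPoints:
  web:
    address: ":80"   # assumed entry point name and address
---
# Document 2: mitigated. readTimeout bounds how long Traefik will wait for the
# whole request (request line, headers and body) to arrive. A client that sends
# "Content-Length: N" and then nothing is closed once this duration elapses.
# The value is a Go duration; a bare number is read as seconds.
entryPoints:
  web:
    address: ":80"
    transport:
      respondingTimeouts:
        readTimeout: 60s   # assumed value; tune to your clients
```

Apply the same `transport.respondingTimeouts.readTimeout` setting to every entry point, including `websecure`, since the hang is reachable on any endpoint.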
## For more information
If you have any questions or comments about this ad
GHSA
Traefik vulnerable to denial of service with Content-length header
ghsa·2024-04-12
CVE-2024-28869 [HIGH] CWE-404 Traefik vulnerable to denial of service with Content-length header
Red Hat
traefik: denial of service
vendor_redhat · 2024-04-12 · CVSS 7.5
CVE-2024-28869 [HIGH] CWE-755
An improper handling of exceptional conditions vulnerability was found in Traefik. In affected versions, sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration, resulting in a d
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://doc.traefik.io/traefik/routing/entrypoints/#respondingtimeouts
- https://github.com/traefik/traefik/commit/240b83b77351dfd8cadb91c305b84e9d22e0f9c6
- https://github.com/traefik/traefik/releases/tag/v2.11.2
- https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5
- https://github.com/traefik/traefik/security/advisories/GHSA-4vwx-54mw-vqfw
Published 2024-04-12