CVE-2023-47124
CVSS 3.1 Score 5.9 of 10 (medium)
Details
Summary
CVE-2023-47124 affects Traefik, an open-source HTTP reverse proxy and load balancer. The vulnerability lies in the `HTTPChallenge` feature used to generate and renew Let's Encrypt TLS certificates. Attackers can exploit the 50-second delay authorized to solve the challenge, executing a prolonged connection attack named "slowloris." This can lead to denial-of-service conditions. To mitigate this risk, users are advised to upgrade to Traefik version 2.10.6 or 3.0.0-beta5. As an alternative, users unable to upgrade can switch to the `TLSChallenge` or `DNSChallenge` methods.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Traefik
Affected Vendors
- Traefik
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions