slowloris-dos-functions
slowloris-dos-functions
These functions do not allow to set a a timeout value for reading requests. As a result, the app server may be vulnerable to a Slowloris Denial-of-Service (DoS) attack. Slowloris attacks exploit the fact that HTTP servers keep the connection active if the request received is incomplete. To mitigate this, implement a
Likelihood: LOW
Confidence: LOW
CWE:
- C
- W
- E
- -
- 4
- 0
- 0
- :
-
- U
- n
- c
- o
- n
- t
- r
- o
- l
- l
- e
- d
-
- R
- e
- s
- o
- u
- r
- c
- e
-
- C
- o
- n
- s
- u
- m
- p
- t
- i
- o
- n
Server and set the timeout with ReadHeaderTimeout.Likelihood: LOW
Confidence: LOW
CWE:
- C
- W
- E
- -
- 4
- 0
- 0
- :
-
- U
- n
- c
- o
- n
- t
- r
- o
- l
- l
- e
- d
-
- R
- e
- s
- o
- u
- r
- c
- e
-
- C
- o
- n
- s
- u
- m
- p
- t
- i
- o
- n