slowloris-dos
slowloris-dos
This server may be vulnerable to a Slowloris Denial-of-Service (DoS) attack. Slowloris attacks exploit the fact that HTTP servers keep the connection active if the request received is incomplete. By default, Go does not define a timeout value for
Likelihood: LOW
Confidence: LOW
CWE:
- C
- W
- E
- -
- 4
- 0
- 0
- :
-
- U
- n
- c
- o
- n
- t
- r
- o
- l
- l
- e
- d
-
- R
- e
- s
- o
- u
- r
- c
- e
-
- C
- o
- n
- s
- u
- m
- p
- t
- i
- o
- n
ReadHeaderTimeout, which leaves your application vulnerable. To mitigate this, configure this parameter in your Server settings.Likelihood: LOW
Confidence: LOW
CWE:
- C
- W
- E
- -
- 4
- 0
- 0
- :
-
- U
- n
- c
- o
- n
- t
- r
- o
- l
- l
- e
- d
-
- R
- e
- s
- o
- u
- r
- c
- e
-
- C
- o
- n
- s
- u
- m
- p
- t
- i
- o
- n