The Content-Length field specifies the size of the transmitted form of data after the request header. In an attack, the Content-Length field contains a very high value, meaning the server will expect to receive a large amount of data. The header of the spoofed request is then validly terminated, then an attacker waits and sends another small piece of data before the connection termination timer expires. In this way, the connection keeps dangerously active.
- Lead to exhauste all available server resources.
- Use technique to exhaust all available server resources.
- Exhaust the victim's network and hardware resources when requesting large amounts of data.
- Set the header and message body to a maximum reasonable length.
- Define a minimum incoming data rate, and drop those that are slower.
- Set an absolute connection timeout.
Anonymous attacker with local access.
Expected Remediation Time
⌚ 60 minutes.
Default score using CVSS 3.1. It may change depending on the context of the vulnerability.
- Attack vector: L
- Attack complexity: H
- Privileges required: H
- User interaction: R
- Scope: U
- Confidentiality: L
- Integrity: L
- Availability: N
- Exploit code madurity: P
- Remediation level: X
- Report confidence: X
- Vector string: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:X/RC:X
- Base: 2.9
- Temporal: 2.8
- Base: Low
- Temporal: Low
The http headers of the application have a reasonable content length limit and a timeout limit set
Non compliant code
Tha application has an http header poorly configured