How severe is CVE-2023-47124?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2023-47124?

This is classified as CWE-772, which is a common weakness in software security.

CVE-2023-47124 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

Traefik is an open source HTTP reverse proxy and load balancer. When Traefik is configured to use the `HTTPChallenge` to generate and renew the Let's Encrypt TLS certificates, the delay authorized to solve the challenge (50 seconds) can be exploited by attackers to achieve a `slowloris attack`. This vulnerability has been patch in version 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. Users unable to upgrade should replace the `HTTPChallenge` with the `TLSChallenge` or the `DNSChallenge`.

Related Vulnerabilities

CVE-2017-14970

MEDIUM

CVSS:5.9(Medium)

In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stati...

CWE-7722017

CVE-2017-15671

MEDIUM

CVSS:5.9(Medium)

The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user nam...

CWE-7722017

CVE-2017-16672

MEDIUM

CVSS:5.9(Medium)

An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip s...

CWE-7722017

CVE-2018-19132

MEDIUM

CVSS:5.9(Medium)

Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.

CWE-7722018

CVE-2023-22302

MEDIUM

CVSS:5.9(Medium)

In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16.1.2.2 to before 16.1.3.3, when an HTTP profile is configured on a virtual server and conditions beyond the attacker’s control exis...

CWE-7722023

CVE-2016-7466

MEDIUM

CVSS:6.0(Medium)

Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumpt...

CWE-7722016