Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[jetty-users] slowloris vulnerability
Hello,

we're using the Acunetix vulnerability scanner to search for vulnerabilities in our application. Recently Acunetix discovered a slowloris vulnerability here :
http://www.funtoo.org/wiki/Slowloris_DOS_Mitigation_Guide

We're using Jetty Version 8.1.7.v20120910. Do you have any further knowledge of this vulnerability together with Jetty 8?
It seems that the only possibility how this attack can be avoided is to set the maxIdleTime < 10sec which I do not like very much.
Do you have any advice for me what I can do to avoid this finding, besides from setting the maxIdleTime so low?


Thank you and best regards,

René Hartwig

--

René Hartwig
Senior Developer

Befine Solutions AG - The Cryptshare Company
Bebelstraße 17
79108 Freiburg
Germany

Tel: +49 (0) 761 38913 0
Fax: +49 (0) 761 38913 115

E-Mail: Rene.Hartwig@xxxxxxxxxxxxxxxxxxxx
Internet: http://www.cryptshare.com

=========================================================================

Your attachments are too large or too confidential for e-mail?
Get to know Cryptshare!

http://www.cryptshare.com

=========================================================================



Amtsgericht Freiburg HRB 6144
Vorstand Mark Forrest, Dominik Lehr
Aufsichtsratsvorsitzender Thilo Braun


 

Back to the top