3dcyber (4)

Last Login: June 24, 2024

3dcyber's Latest (2) Contributions

Sort by:
Filter by:
Technical Analysis

This vulnerability causes a denial of service in applications that use the moment library in the vulnerable versions.

  • When it is a javascript application on node.js, the impact of the vulnerability is greater.

  • When the application only loads or uses the library on the frontend, the impact is less since the denial of service is local to the browser.

Technical Analysis

This vulnerability affects HAProxy and does not require prior authentication as indicated by the CVSS score. Hopefully there is an update to the CVSS.

This vulnerability allows RCE when HTTP2 is enabled on HAProxy. There is a PoC exploit created by the researcher who discovered the vulnerability.

Note that in some solutions HTTP2 on HAProxy may be enabled by default.

To defend against this vulnerability:

  • HAproxy patches can be applied.
  • As workaroud you can disable HTTP2.