Asymmetric denial of service - Content length
Description
The Content-Length field specifies the size of the transmitted form of data after the request header. In an attack, the Content-Length field contains a very high value, meaning the server will expect to receive a large amount of data. The header of the spoofed request is then validly terminated, then an attacker waits and sends another small piece of data before the connection termination timer expires. In this way, the connection keeps dangerously active.
Impact
- Lead to exhaust all available server resources.
- Use technique to exhaust all available server resources.
- Exhaust the victim's network and hardware resources when requesting large amounts of data.
Recommendation
- Set the header and message body to a maximum reasonable length.
- Define a minimum incoming data rate, and drop those that are slower.
- Set an absolute connection timeout.
Threat
Anonymous attacker with local access.
Expected Remediation Time
⌚ 60 minutes.
Score
Default score using CVSS 3.1. It may change depending on the context of the src.
Base
- Attack vector: L
- Attack complexity: H
- Privileges required: H
- User interaction: R
- Scope: U
- Confidentiality: L
- Integrity: L
- Availability: N
Temporal
- Exploit code maturity: P
- Remediation level: X
- Report confidence: X
Result
- Vector string: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:X/RC:X
- Score:
- Base: 2.9
- Temporal: 2.8
- Severity:
- Base: Low
- Temporal: Low
Score 4.0
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
- Attack vector: L
- Attack complexity: H
- Attack Requirements: N
- Privileges required: H
- User interaction: A
- Confidentiality (VC): L
- Integrity (VI): L
- Availability (VA): N
- Confidentiality (SC): N
- Integrity (SI): N
- Availability (SA): N
Threat 4.0
- Exploit maturity: P
Result 4.0
- Vector string: CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
- Score:
- CVSS-BT: 0.3
- Severity:
- CVSS-BT: Low
Requirements
Fixes
