Hi,

Great, thanks for your answer! I already thought this might be a false positive but wanted to be sure.

Thanks and best regards,
René

René Hartwig
Senior Developer
Befine Solutions AG - The Cryptshare Company
Bebelstraße 17
79108 Freiburg
Germany
Tel: +49 (0) 761 38913 0
Fax: +49 (0) 761 38913 115
E-Mail: [email protected]
Internet: http://www.cryptshare.com

On 12.08.2013 13:57, Thomas Becker wrote:

Hi René,

I've just run slowloris against Jetty 9. Besides the (expected) amount of established connections which move to FIN_WAIT_2 and CLOSE_WAIT, Jetty doesn't care.

As Jetty 9 is purely using NIO, there are no threads being occupied for idle connections. The same should be the case for all NIO connectors in Jetty 8. During the slowloris attack Jetty 9 kept responding fast and unimpressed by the attack (again, as expected).

Cheers,
Thomas

On 8/5/13 8:42 AM, René Hartwig wrote:

Hello,

we're using the Acunetix vulnerability scanner to search for vulnerabilities in our application. Recently Acunetix discovered a slowloris vulnerability here: http://www.funtoo.org/wiki/Slowloris_DOS_Mitigation_Guide

We're using Jetty Version 8.1.7.v20120910. Do you have any further knowledge of this vulnerability together with Jetty 8?

It seems that the only way this attack can be avoided is to set the maxIdleTime < 10sec, which I do not like very much.

Do you have any advice for me on what I can do to avoid this finding, besides setting the maxIdleTime so low?

Thank you and best regards,
René Hartwig
_______________________________________________
jetty-users mailing list
[email protected]
https://dev.eclipse.org/mailman/listinfo/jetty-users
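
The point made in Thomas's reply above, that a selector-based (NIO) connector holds idle connections without occupying threads and that an idle timeout eventually closes them, sketched in Python as an added example (not from the thread and not Jetty code). `IdleReapingServer`, `max_idle_s` and the injectable `clock` are hypothetical names chosen for this illustration.

```python
import selectors
import socket
import time

class IdleReapingServer:
    """NIO-style server: an idle connection costs a registered socket and a timestamp, not a thread."""

    def __init__(self, max_idle_s, clock=time.monotonic):
        self.max_idle_s = max_idle_s   # hypothetical knob, same idea as maxIdleTime
        self.clock = clock             # injectable so the timeout can be tested
        self.sel = selectors.DefaultSelector()
        self.last_io = {}              # connection -> time of its last I/O
        self.listener = socket.create_server(("127.0.0.1", 0))
        self.listener.setblocking(False)
        self.sel.register(self.listener, selectors.EVENT_READ, self._accept_all)

    def poll(self, timeout=0.05):
        """One loop turn on one thread; returns the number of open connections."""
        for key, _ in self.sel.select(timeout):
            key.data(key.fileobj)      # dispatch to _accept_all or _read
        now = self.clock()
        for conn in [c for c, t in self.last_io.items() if now - t > self.max_idle_s]:
            self._close(conn)          # reap connections idle past the limit
        return len(self.last_io)

    def _accept_all(self, listener):
        while True:
            try:
                conn, _ = listener.accept()
            except BlockingIOError:
                return                 # backlog drained
            conn.setblocking(False)
            self.sel.register(conn, selectors.EVENT_READ, self._read)
            self.last_io[conn] = self.clock()

    def _read(self, conn):
        try:
            data = conn.recv(4096)
        except BlockingIOError:
            return
        except OSError:
            data = b""                 # reset or other error: treat as closed
        if not data:
            return self._close(conn)
        self.last_io[conn] = self.clock()   # any I/O resets the idle timer

    def _close(self, conn):
        self.last_io.pop(conn, None)
        self.sel.unregister(conn)
        conn.close()
```

Calling `poll()` in a loop serves every connection from the calling thread; the number it returns is the count of sockets currently held open.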