community-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Flavio P JUNQUEIRA <...@apache.org>
Subject Re: Dear Community,we find a Vulnerability in Zookeeper/SOLR/Apache(PHP) about tcp connection exhausted,Waiting for your reply
Date Thu, 27 Oct 2016 19:45:58 GMT
Please read this:

http://zookeeper.apache.org/security.html

-Flavio

On 27 Oct 2016 20:16, "Linkezhang" <linkezhang@huawei.com> wrote:

> *Problem:*
>
> In the client using some method (such as telnet) to establish a tcp
> connection with server-side apache listening port , but after the
> establishment of tcp connection, the client does not send any data.
> However, apache will not disconnect this tcp connection, may lead to the
> number of connections exhausted , Resulting in DOS
>
>
>
> *The attack process**:*
> 1. The client executes the telnet service port
>
> [image: cid:image001.png@01D23070.DA903540]
> Start the client telnet server port 60000, do not exit for a long time:
>
> Excuting an order:
> telnet 172.22.17.26 60000
>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message