CVE-2017-7670 : What You Need to Know

Apache Traffic Control is vulnerable to a Denial of Service attack due to the Traffic Router component. Learn about the impact, technical details, and mitigation steps.

Understanding CVE-2017-7670

Apache Traffic Control's Traffic Router component is susceptible to a Slowloris-style Denial of Service attack, affecting specific versions.

What is CVE-2017-7670?

The Traffic Router component in Apache Traffic Control is at risk of exploitation by a Denial of Service attack similar to Slowloris. This vulnerability allows connections to remain active in the ESTABLISHED state, depleting the thread pool allocated for handling DNS requests.

The Impact of CVE-2017-7670

The vulnerability can lead to a complete halt in processing DNS requests by Traffic Router, impacting the availability of DNS services.

Technical Details of CVE-2017-7670

Apache Traffic Control's vulnerability in the Traffic Router component has the following technical aspects:

Vulnerability Description

TCP connections on the configured DNS port remain in the ESTABLISHED state indefinitely
Thread pool exhaustion occurs when connections match the pool's capacity

Affected Systems and Versions

Product: Apache Traffic Control
Vendor: Apache Software Foundation
Vulnerable Versions: 1.8.0 incubating, 2.0.0 RC0 incubating

Exploitation Mechanism

Connections persist in the ESTABLISHED state, depleting the thread pool and rendering Traffic Router unable to process DNS requests

Mitigation and Prevention

To address CVE-2017-7670, consider the following steps:

Immediate Steps to Take

Monitor network traffic for unusual patterns
Implement rate limiting on incoming connections
Apply firewall rules to block suspicious traffic

Long-Term Security Practices

Regularly update Apache Traffic Control to the latest version
Conduct security audits and penetration testing

Patching and Updates

Apply patches provided by Apache Software Foundation to fix the vulnerability