You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@community.apache.org by Flavio P JUNQUEIRA <fp...@apache.org> on 2016/10/27 19:45:58 UTC

Re: Dear Community,we find a Vulnerability in Zookeeper/SOLR/Apache(PHP) about tcp connection exhausted,Waiting for your reply

Please read this:

http://zookeeper.apache.org/security.html

-Flavio

On 27 Oct 2016 20:16, "Linkezhang" <li...@huawei.com> wrote:

> *Problem:*
>
> In the client using some method (such as telnet) to establish a tcp
> connection with server-side apache listening port , but after the
> establishment of tcp connection, the client does not send any data.
> However, apache will not disconnect this tcp connection, may lead to the
> number of connections exhausted , Resulting in DOS
>
>
>
> *The attack process**：*
> 1. The client executes the telnet service port
>
> [image: cid:image001.png@01D23070.DA903540]
> Start the client telnet server port 60000, do not exit for a long time:
>
> Excuting an order:
> telnet 172.22.17.26 60000
>
>
>