tiny-web-server icon indicating copy to clipboard operation
tiny-web-server copied to clipboard

Published 20 hours ago verified publisher icon shenfeng

Very simple DoS

Open Cotix opened this issue 8 years ago • 1 comments

There seems to be no timeout on the connections. Since every connection takes up a whole thread, this is a very simple DoS vurnability.

To make matters worse, because the file descriptor gets closed when a connection is closed, all the io calls get non blocking. This causes 100% cpu load. Connecting a few times and disconnecting without sending anything causes the server to max out their cpu usage.

Cotix avatar Jul 05 '16 01:07 Cotix

I can confirm the above. My fuzzer triggered the issue in less than 1800 requests.

keymandll avatar Jun 27 '19 16:06 keymandll