You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
ReDoS vulnerability in parser_apache2
Moderate severity
GitHub Reviewed
Published
Oct 29, 2021
in
fluent/fluentd
•
Updated May 4, 2023
parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack.
Patches
v1.14.2
Workarounds
Either of the following:
Don't use parser_apache2 for parsing logs which cannot guarantee generated by Apache.
Put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable FLUENT_PLUGIN or --plugin option of fluentd).
tdunlap607 Analyst
Impact
parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack.
Patches
v1.14.2
Workarounds
Either of the following:
FLUENT_PLUGINor--pluginoption of fluentd).References
References