DoS Vulnerability in the Open-Source Component Fastjson
On September 3, 2019, the Huawei Cloud security team detected a DoS vulnerability in multiple versions of the widely used open-source component Fastjson. An attacker can exploit this vulnerability by constructing malicious requests and sending them to a server that uses Fastjson. The requests exhaust the server's memory and CPU, so the server crashes and the service becomes unavailable. Huawei Cloud WAF provides protection against this vulnerability.
Affected Versions
Versions earlier than Fastjson 1.2.60
Mitigation Version
Fastjson 1.2.60
Official Solution
Upgrade the open-source component Fastjson to 1.2.60.
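To find which deployed artifacts still need this upgrade, the following added example (not part of the original advisory or of Fastjson) scans JAR/WAR/EAR files, including libraries nested inside fat JARs, and flags Fastjson versions earlier than 1.2.60. It assumes the library keeps its Maven-style file name fastjson-<version>.jar; shaded or renamed copies are not detected.

```python
import io
import re
import sys
import zipfile

FIXED = (1, 2, 60)               # first fixed release according to the advisory
MAX_NESTED = 256 * 1024 * 1024   # assumption: skip nested archives larger than this
ARCHIVE_EXT = (".jar", ".war", ".ear")
# Matches fastjson-1.2.58.jar or fastjson-1.2.83_noneautotype.jar,
# but not the separate fastjson2-<version>.jar artifact.
JAR_RE = re.compile(r"(?:^|/)fastjson-(\d+(?:\.\d+)*)[^/]*\.jar$")


def fastjson_version(name):
    """Return the version tuple if `name` is a Fastjson 1.x jar, else None."""
    m = JAR_RE.search(name.replace("\\", "/"))
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def scan(source, label, depth=0, max_depth=4):
    """Yield (location, version, affected) for every Fastjson jar found.

    `source` is a path or a binary file object. Archives nested inside it
    (fat JAR / WAR layouts) are opened in memory, up to `max_depth` levels.
    """
    version = fastjson_version(label)
    if version is not None:
        yield label, ".".join(map(str, version)), version < FIXED
        return
    if depth >= max_depth:
        return
    try:
        with zipfile.ZipFile(source) as zf:
            for info in zf.infolist():
                name = info.filename
                if name.lower().endswith(ARCHIVE_EXT) and info.file_size <= MAX_NESTED:
                    inner = io.BytesIO(zf.read(info))
                    yield from scan(inner, f"{label}!/{name}", depth + 1, max_depth)
    except zipfile.BadZipFile:
        return  # not a readable archive; skip it


if __name__ == "__main__":
    # Usage: python scan_fastjson.py app.jar legacy.war ...
    for path in sys.argv[1:]:
        for location, ver, affected in scan(path, path):
            print(f"{'AFFECTED' if affected else 'ok':8} fastjson {ver}  {location}")
```

Any line reported as AFFECTED names an archive that still bundles a Fastjson release earlier than 1.2.60.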
Mitigation
WAF can detect and defend against this vulnerability. The procedure is as follows:
- Buy WAF.
- Add the website domain name to WAF and connect it to WAF. For details, see Adding a Domain Name.
- In the Basic Web Protection configuration area, set Mode to Block. For details, see Configuring Basic Web Protection Rules.