Help Center/ Web Application Firewall/ Best Practices/ Mitigating Web Security Vulnerabilities/ DoS Vulnerability in the Open-Source Component Fastjson
Updated on 2022-11-11 GMT+08:00

DoS Vulnerability in the Open-Source Component Fastjson

On September 3, 2019, the Huawei Cloud security team detected a DoS vulnerability in multiple versions of the widely used open-source component Fastjson. An attacker can exploit this vulnerability to construct malicious requests and send them to the server that uses Fastjson. As a result, the memory and CPU of the server are used up, and the server breaks down, causing service breakdown. Huawei Cloud WAF provides protection against this vulnerability.

Affected Versions

Versions earlier than Fastjson 1.2.60

Mitigation Version

Fastjson 1.2.60

Official Solution

Upgrade the open-source component Fastjson to 1.2.60.

Mitigation

WAF can detect and defend against this vulnerability. The procedure is as follows:

  1. Buy WAF.
  2. Add the website domain name to WAF and connect it to WAF. For details, see Adding a Domain Name.
  3. In the Basic Web Protection configuration area, set Mode to Block. For details, see Enabling Basic Web Protection.