Mirrors/curl
0
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-01-18 17:21:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

docs: explicitly call out Slowloris as not a security flaw

Browse Source 
Closes #20219
This commit is contained in:
JimFuller-RedHat
2026-01-08 09:55:42 +01:00
committed by Daniel Stenberg
parent 7de35515d9
commit af18d8ea1b
2 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.github/scripts/pyspelling.words vendored
View File

@@ -778,6 +778,7 @@ singlecwd
SINIX
Sintonen
sizeof
Slowloris
SLE
slist
sln

3
docs/VULN-DISCLOSURE-POLICY.md
View File

@@ -224,7 +224,8 @@ problem. There are already several benign and likely reasons for transfers to
stall and never end, so applications that cannot deal with never-ending
transfers already need to have counter-measures established.
If the problem avoids the regular counter-measures when it causes a never-
Well known attacks, like [Slowloris](https://en.wikipedia.org/wiki/Slowloris_(cyber_attack)), that send partial
requests are usually not considered a flaw. If the problem avoids the regular counter-measures when it causes a never-
ending transfer, it might be a security problem.
## Not practically possible