Home > CAPEC List > CAPEC-469: HTTP DoS (Version 2.11)  


Definition in a New Window Definition in a New Window
Attack Pattern ID: 469
Abstraction: Standard
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

An attacker performs flooding at the HTTP level to bring down only a particular web application rather than anything listening on a TCP/IP connection. This denial of service attack requires substantially fewer packets to be sent which makes DoS harder to detect. This is an equivalent of SYN flood in HTTP.

The idea is to keep the HTTP session alive indefinitely and then repeat that hundreds of times. This attack targets resource depletion weaknesses in web server software. The web server will wait to attacker's responses on the initiated HTTP sessions while the connection threads are being exhausted.

+ Attack Prerequisites
  • HTTP protocol is used

    Web server used is vulnerable to denial of service via HTTP flooding

+ Typical Severity


+ Resources Required

Ability to issues hundreds of HTTP requests

+ Solutions and Mitigations

Configuration: Configure web server software to limit the waiting period on opened HTTP sessions

Design: Use load balancing mechanisms

+ References
[R.469.1] Robert Hansen. "Slowris HTTP DoS". June 17, 2009. <http://ha.ckers.org/blog/20090617/slowloris-http-dos/>.
+ Content History
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team

More information is available — Please select a different filter.
Page Last Updated or Reviewed: August 04, 2017