We are going to use Crowd as the user management and SSO provider for several Atlassian applications (JIRA, Confluence, Stash, etc.). All these applications will connect to Crowd using HTTP protocol, and users will use the same to access their user profile using the same.
During a vulnerability assesment followed by manual verification we found that Crowd is vulnerable to Slowloris attack. I think that a successful attack may imapct the availability of all connected applications.
- Are there any Crowd configuration best practices in place to mitigate the vulnerability?
- A suggestion is to limit the number HTTP connections on client IP/host basis. Is this possible to with Tomcat?
(this vulnerability is found in many other web applications as well, but Crowd is critical as it is the centralized authentication server - which is why I'm asking this question)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.