SYN Cookies flood (CVE 35488)

The CVE:
https://nvd.nist.gov/vuln/detail/CVE-2022-35488

We’re seeing these attacks on the server. Is there any way to mitigate them?


You didn’t have a look at the release page, did you…?

I did, and also searched GitHub issues for the CVE, couldn’t find it. I’m on 5.2.3 and still seeing the attacks.

And you’re sure that it’s related to your Zammad instance, which is patched correctly?
If that’d be the case, you would just have disclosed a security issue on an unpatchable version as of now. Well done.

It’s cleared now, it was still in the queue. I just didn’t wait long enough after the upgrade.

Not sure what you mean, the CVE 35488 is public as above, not reported by me.
