Fastjson Remote DoS Vulnerability
Sep 06, 2019 GMT+08:00
I. Overview
The HUAWEI CLOUD security team has recently noticed a remote denial of service (DoS) vulnerability in Fastjson versions earlier than 1.2.60. When Fastjson parses specific crafted JSON strings, parsing fails in a way that consumes excessive CPU and memory. An attacker can send a crafted request body to any server that parses untrusted input with Fastjson and trigger a remote DoS: the server's CPU or RAM is exhausted, causing performance degradation or a crash.
II. Severity
(Severity scale: low, moderate, important, and critical)
III. Affected Products
Fastjson versions earlier than 1.2.60
or Fastjson sec versions earlier than sec06
IV. Secure Versions
Fastjson 1.2.60 and later
or Fastjson sec06 and later
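To check a build against the affected and secure versions listed above, here is an added Python script (example code written for this page, not from the HUAWEI CLOUD advisory or from the Fastjson project). It takes its thresholds from this page, 1.2.60 for plain releases and sec06 for the sec line, and scans either jar file names on disk or the output of `mvn dependency:list` (the standard Maven `groupId:artifactId:type:version:scope` line format). It assumes sec-line artifacts are versioned as `<base>.secNN` (for example `1.2.29.sec06`); that naming is an assumption, not something the advisory states, so adjust the pattern if your artifacts differ. The dependency-list lines embedded in the script are constructed sample input.

```python
"""Flag Fastjson builds affected by the remote DoS advisory (< 1.2.60, < sec06).

Added example for this advisory, not HUAWEI CLOUD or Fastjson project code.
"""
import re
import sys
from pathlib import Path
from typing import Iterable, List, Tuple

# Thresholds taken from the advisory: plain releases before 1.2.60 and
# sec-line releases before sec06 are affected.
FIXED_PLAIN = (1, 2, 60)
FIXED_SEC = 6

# Assumption (not stated in the advisory): sec-line builds are versioned as
# "<base>.secNN", e.g. "1.2.29.sec06". Plain releases are "major.minor.patch".
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.sec(\d+))?$")

# Jar file names as published on Maven Central: fastjson-<version>.jar
JAR_RE = re.compile(r"^fastjson-(\d+\.\d+\.\d+(?:\.sec\d+)?)\.jar$")

# Lines from `mvn dependency:list` / `dependency:tree`, e.g.
# "[INFO]    com.alibaba:fastjson:jar:1.2.58:compile". The lazy group skips
# type/classifier tokens until the first version-shaped token.
DEP_RE = re.compile(r"com\.alibaba:fastjson:(?:[^:\s]+:)*?(\d+\.\d+\.\d+(?:\.sec\d+)?)")


def parse_version(version: str) -> Tuple[str, tuple]:
    """Return ("sec", (n,)) for a sec-line build or ("plain", (maj, min, patch))."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Fastjson version: {version!r}")
    major, minor, patch, sec = m.groups()
    if sec is not None:
        return ("sec", (int(sec),))
    return ("plain", (int(major), int(minor), int(patch)))


def is_vulnerable(version: str) -> bool:
    """True when the version is below the fixed release for its line."""
    kind, key = parse_version(version)
    if kind == "sec":
        return key[0] < FIXED_SEC
    return key < FIXED_PLAIN


def scan_jar_names(names: Iterable[str]) -> List[Tuple[str, str, bool]]:
    """Return (path, version, vulnerable) for every fastjson jar in `names`."""
    found = []
    for name in names:
        m = JAR_RE.match(Path(name).name)
        if m:
            found.append((name, m.group(1), is_vulnerable(m.group(1))))
    return found


def scan_directory(root: str) -> List[Tuple[str, str, bool]]:
    """Recursively look for fastjson jars under `root` (e.g. a WEB-INF/lib)."""
    return scan_jar_names(str(p) for p in Path(root).rglob("fastjson-*.jar"))


def find_in_dependency_list(lines: Iterable[str]) -> List[Tuple[str, bool]]:
    """Return (version, vulnerable) for each Fastjson entry in Maven output."""
    hits = []
    for line in lines:
        m = DEP_RE.search(line)
        if m:
            hits.append((m.group(1), is_vulnerable(m.group(1))))
    return hits


# Constructed sample of `mvn dependency:list` output, not a real project.
SAMPLE_DEPENDENCY_LIST = [
    "[INFO] The following files have been resolved:",
    "[INFO]    com.alibaba:fastjson:jar:1.2.58:compile",
    "[INFO]    org.slf4j:slf4j-api:jar:1.7.26:compile",
]


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: python check_fastjson.py /path/to/app/WEB-INF/lib
        rows = scan_directory(sys.argv[1])
        for path, version, vuln in rows:
            print(f"{'VULNERABLE' if vuln else 'ok':<10} {version:<14} {path}")
    else:
        for version, vuln in find_in_dependency_list(SAMPLE_DEPENDENCY_LIST):
            print(f"{'VULNERABLE' if vuln else 'ok':<10} {version}")
```

Pipe real Maven output into `find_in_dependency_list` (`mvn dependency:list | python -c ...`) or point the script at a deployed `WEB-INF/lib`; a shaded or renamed jar will not match `JAR_RE`, so the dependency-list path is the more reliable check for built artifacts.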
V. Vulnerability Handling
Upgrade Fastjson to a secure version (1.2.60 or later, or sec06 or later on the sec line). Download address: http://repo1.maven.org/maven2/com/alibaba/fastjson/
HUAWEI CLOUD WAF can detect attacks targeting this vulnerability by default. Enable basic web protection mode to block them. For details about the configuration, see
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.