HTTP: Vercel Next.js Improper URL Handling Denial of Service

This signature detects attempts to exploit a known vulnerability in the Vercel Next.js React framework. A successful attack can result in a denial-of-service condition.

Extended Description

Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. To be affected by this issue, a deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom server. Deployments on Vercel are not affected, nor are similar environments where invalid requests are filtered before reaching Next.js. Versions 12.0.5 and 11.1.3 contain patches for this issue.

References

CVE: CVE-2021-43803

Short Name: HTTP:CTS:VERCEL-NXT-URL-DOS
Severity: Major
Recommended: False
Recommended Action: Drop
Category: HTTP
Keywords: CVE-2021-43803 Denial Handling Improper Next.js Service URL Vercel of
Release Date: 08/10/2022
Supported Platforms

srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version: 3674
False Positive: Unknown
