9 Replies Latest reply on Sep 25, 2019 6:38 PM by ChMa_3922746

    Online Website Scans Crash HTTPS Server (SDK 6.4 on CYW943907AEVAL1F)

    ChMa_3922746

      There is a vulnerability in the HTTPS server where it can be crashed by commercial online website vulnerability scanners. The setup is:

       

      - snip.HTTPS running on a CYW943907AEVAL1F eval board (SDK 6.4)

      - port 443 opened up on router to Internet

      - using a URL redirection service (free at noip.com) to redirect a URL to the port (this URL is entered into the websites, below).

       

      Running concurrent scans from the following online scanners can crash the server (non-responsive):

      https://www.ssllabs.com/ssltest/

      https://observatory.mozilla.org/

      https://app.webinspector.com/

      https://quttera.com/

       

      The problem is exacerbated when I use Firefox to fetch the top page from the server and click it in quick succession while those tests are going on.