CVE-2023-47124: Potential DDoS whith ACME HTTPChallenge

## Impact There is a potential vulnerability in Traefik managing the ACME HTTP challenge. When Traefik is configured to use the [HTTPChallenge](https://doc.traefik.io/traefik/https/acme/#httpchallenge) to generate and renew the Let's Encrypt TLS certificates, the delay authorized to solve the challenge (50 seconds) can be exploited by attackers ([slowloris attack](https://www.cloudflare.com/learning/ddos/ddos-attack-tools/slowloris/)). ## Patches - https://github.com/traefik/traefik/releases/tag/v2.10.6 - https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5 ## Workarounds Replace the HTTPChallenge with the [TLSChallenge](https://doc.traefik.io/traefik/https/acme/#tlschallenge) or the [DNSChallenge](https://doc.traefik.io/traefik/https/acme/#dnschallenge). ## For more information If you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).