Hash Table Bug Enables Wide-Scale DDoS Attacks

Submitted by wiredmikey
wiredmikey (1824622) writes "Several vendors are working to resolve a hash collision vulnerability, which if exploited can trigger a denial-of-service condition on multiple platforms.

Hash tables are a commonly used data structure in most programming languages. Web application servers or platforms commonly parse attacker-controlled POST form data into hash tables automatically, so that they can be accessed by application developers.

The vulnerability has been discovered to impact PHP 5, Java, .NET, and Google’s v8, while PHP 4, Ruby, and Python are somewhat vulnerable.

At issue is the POST function, which can be perverted to trigger the DDoS, if targeted on a massive scale, or DoS if targeted from a single source.
According to n.runs AG, the research firm who discovered the issue, any website running one of the above technologies which provides the option to perform a POST request is vulnerable to very effective DoS attacks.

As the attack is just a POST request, it could also be triggered from within a (third-party) website. This means that a cross-site-scripting vulnerability on a popular website could lead to a very effective DDoS attack.

The Ruby security team has addressed the issue, as well as Tomcat. Oracle says nothing needs to be done, and Microsoft has issued an advisory on the problems within ASP.NET."
