Submission: Hash Table Bug Enables Wide-Scale DDoS Attacks

wiredmikey writes: Several vendors are working to resolve a hash collision vulnerability, which if exploited can trigger a denial-of-service condition on multiple platforms.

Hash tables are a commonly used data structure in most programming languages. Web application servers or platforms commonly parse attacker-controlled POST form data into hash tables automatically, so that they can be accessed by application developers.

The vulnerability has been discovered to impact PHP 5, Java, .NET, and Google’s v8, while PHP 4, Ruby, and Python are somewhat vulnerable.

At issue is the POST function, which can be perverted to trigger the DDoS, if targeted on a massive scale, or DoS if targeted from a single source.
According to n.runs AG, the research firm who discovered the issue, "Any website running one of the above technologies which provides the option to perform a POST request is vulnerable to very effective DoS attacks."

As the attack is just a POST request, it could also be triggered from within a (third-party) website. This means that a cross-site-scripting vulnerability on a popular website could lead to a very effective DDoS attack.

The Ruby security team has addressed the issue, as well as Tomcat. Oracle says nothing needs to be done, and Microsoft has issued an advisory on the problems within ASP.NET.
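
As an added illustration (not code from the submission or from any vendor named in it), this Python sketch shows why a hash table filled from request parameters degrades when keys collide, and two generic defences: a hash keyed with a per-process secret and a cap on the number of form fields. The names `weak_hash`, `keyed_hash`, `longest_chain` and `parse_form` are hypothetical, and the toy byte-sum hash is an assumption chosen for clarity, not the function of any platform listed above.

```python
import hashlib
import itertools
import os
from urllib.parse import parse_qsl

BUCKETS = 64  # size of the toy table


def weak_hash(key: str) -> int:
    """Toy unkeyed hash (byte sum): predictable, so colliding keys are easy to pick."""
    return sum(key.encode()) % BUCKETS


def keyed_hash(key: str, seed: bytes) -> int:
    """Hash keyed with a per-process secret, so bucket placement is not predictable."""
    digest = hashlib.blake2b(key.encode(), key=seed, digest_size=8).digest()
    return int.from_bytes(digest, "big") % BUCKETS


def longest_chain(keys, hash_fn) -> int:
    """Length of the fullest bucket; inserting n keys costs O(n * chain length)."""
    chains = {}
    for k in keys:
        b = hash_fn(k)
        chains[b] = chains.get(b, 0) + 1
    return max(chains.values())


def parse_form(body: str, max_params: int = 100) -> dict:
    """Parse a urlencoded POST body, rejecting requests with too many fields."""
    # parse_qsl raises ValueError when the field count exceeds max_num_fields.
    return dict(parse_qsl(body, keep_blank_values=True, max_num_fields=max_params))


# Constructed sample: 720 distinct keys that all share the same byte sum.
SAMPLE_KEYS = ["".join(p) for p in itertools.permutations("abcdef")]

if __name__ == "__main__":
    seed = os.urandom(16)  # chosen once per process
    print("unkeyed hash, longest chain:", longest_chain(SAMPLE_KEYS, weak_hash))
    print("keyed hash, longest chain:",
          longest_chain(SAMPLE_KEYS, lambda k: keyed_hash(k, seed)))
    try:
        parse_form("&".join(k + "=1" for k in SAMPLE_KEYS))
    except ValueError as exc:
        print("oversized form rejected:", exc)
```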
