Wednesday 27 June 2012

Denial of service via hash algorithm collision

A variety of programming languages suffer from a DoS via hash algorithm collisions. If the hash calculation is expensive, then a POST request carrying many colliding parameters can cause a DoS. A POST request has no limit other than 8GB.
Java is affected. The web servers Tomcat and Jetty have been protected by limiting the number of POST request parameters.
More info at: http://www.ocert.org/advisories/ocert-2011-003.html
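
The mitigation described above, capping the number of POST parameters before they reach a hash table, as an added Java example that is not Tomcat's or Jetty's own code. The class name, the cap of 1000 and the sample body are assumptions made up for illustration; the second method counts how many keys share one `hashCode()`, a signal worth logging.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;

public class BoundedFormParser {
    // Hypothetical cap for this example; choose a value that suits the application.
    static final int MAX_PARAMS = 1000;

    // Parses an application/x-www-form-urlencoded body, refusing more than maxParams pairs.
    static Map<String, String> parse(String body, int maxParams) {
        Map<String, String> params = new HashMap<>();
        int count = 0, start = 0;
        while (start < body.length()) {
            int end = body.indexOf('&', start);
            if (end < 0) end = body.length();
            if (end > start) {
                // Enforce the cap before the pair is decoded or inserted into the map.
                if (++count > maxParams)
                    throw new IllegalArgumentException("too many form parameters (limit " + maxParams + ")");
                String pair = body.substring(start, end);
                int eq = pair.indexOf('=');
                String key = eq < 0 ? pair : pair.substring(0, eq);
                String val = eq < 0 ? "" : pair.substring(eq + 1);
                params.put(URLDecoder.decode(key, StandardCharsets.UTF_8),
                           URLDecoder.decode(val, StandardCharsets.UTF_8));
            }
            start = end + 1;
        }
        return params;
    }

    // Size of the largest group of keys with an identical String.hashCode().
    static int largestCollisionGroup(Iterable<String> keys) {
        Map<Integer, Integer> perHash = new HashMap<>();
        int worst = 0;
        for (String k : keys) worst = Math.max(worst, perHash.merge(k.hashCode(), 1, Integer::sum));
        return worst;
    }

    public static void main(String[] args) {
        // Constructed sample body: the first four keys have equal hashCode() values.
        String body = "AaAa=1&AaBB=2&BBAa=3&BBBB=4&user=alice";
        Map<String, String> p = parse(body, MAX_PARAMS);
        System.out.println(p.size() + " params, largest same-hash group: " + largestCollisionGroup(p.keySet()));
        try { parse(body, 3); }                       // a cap of 3 rejects the same body
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```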
