
SANS Internet Storm Center: InfoSec Handlers Diary Blog


Hash collisions vulnerability in web servers

Published: 2011-12-28
Last Updated: 2011-12-28 23:02:14 UTC
by Daniel Wesemann (Version: 2)
8 comment(s)

A new vulnerability advisory by security firm n-runs [1] describes how hash tables in PHP5, Java, ASP.NET and others can be attacked with deliberate collisions in the hash function, leading to a denial of service (DoS) on the web server in question. Microsoft have already responded with an advisory [2] of their own; other vendors are likely to follow.

Updated 2300 UTC: MSFT published additional information [3] on how to detect and mitigate an attack.


