Closed Bug 795337 Opened 12 years ago Closed 12 years ago

PHP Hash Collision Denial Of Service Vulnerability

Categories

(Security Assurance :: General, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: shashankcyberboy, Assigned: ygjb)

Details

PHP Hash Collision Denial Of Service Vulnerability

Vulnerability description

This alert was generated using only banner information. It may be a false positive.

Hash tables are a commonly used data structure in most programming languages. Web application servers or platforms commonly parse attacker-controlled POST form data into hash tables automatically, so that they can be accessed by application developers. If the language does not provide a randomized hash function or the application server does not recognize attacks using multi-collisions, an attacker can degenerate the hash table by sending lots of colliding keys. The algorithmic complexity of inserting n elements into the table then goes to O(n**2), making it possible to exhaust hours of CPU time using a single HTTP request.

Affected PHP versions (up to 5.3.8).

Attack details

Current version is : 5.2.17

The impact of this vulnerability

Denial of service

How to fix this vulnerability

Upgrade PHP to version 5.3.9 or higher.

Assignee: server-ops-devservices → nobody
Component: CVS: Administration → Security Assurance: Operations
OS: Windows 7 → All
QA Contact: shyam
Hardware: x86 → All
Assignee: nobody → yboily
no replies :| are you just ignoring me ????
Can you provide some additional details about the service you found this on (URL, hostname, etc.)?
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → INVALID
Component: Operations Security (OpSec): General → General
Product: mozilla.org → Enterprise Information Security