Closed
Bug 795337
Opened 12 years ago
Closed 12 years ago
PHP Hash Collision Denial Of Service Vulnerability
Categories
(Security Assurance :: General, task)
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: shashankcyberboy, Assigned: ygjb)
Details
PHP Hash Collision Denial Of Service Vulnerability
Vulnerability description
This alert was generated using only banner information. It may be a false positive.
Hash tables are a commonly used data structure in most programming languages. Web application servers or platforms commonly parse attacker-controlled POST form data into hash tables automatically, so that they can be accessed by application developers. If the language does not provide a randomized hash function or the application server does not recognize attacks using multi-collisions, an attacker can degenerate the hash table by sending lots of colliding keys. The algorithmic complexity of inserting n elements into the table then goes to O(n**2), making it possible to exhaust hours of CPU time using a single HTTP request.
Affected PHP versions (up to 5.3.8).
Attack details
Current version is : 5.2.17
The impact of this vulnerability
Denial of service
How to fix this vulnerability
Upgrade PHP to version 5.3.9 or higher.
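Added example, not part of the original report or the scanner output: a minimal chained hash table that counts key comparisons, showing the O(n**2) insertion cost described above and the two defenses the description names (a randomized hash function, and recognizing multi-collisions). The hash function, table, key set and every name here are constructed for illustration and are not PHP's implementation.

```python
import hashlib
import itertools
import os


def weak_hash(key: bytes) -> int:
    # Toy unkeyed hash, constructed for this demo (not PHP's real function):
    # any two permutations of the same bytes collide.
    return sum(key)


def make_keyed_hash(secret: bytes):
    # Randomized hash: the bucket depends on a per-process secret, so a client
    # cannot precompute keys that share a bucket.
    def keyed(key: bytes) -> int:
        digest = hashlib.blake2b(key, key=secret, digest_size=8).digest()
        return int.from_bytes(digest, "big")
    return keyed


class ChainedTable:
    """Minimal separate-chaining table that counts key comparisons."""

    def __init__(self, hash_fn, buckets=1024, max_chain=None):
        self.hash_fn = hash_fn
        self.buckets = [[] for _ in range(buckets)]
        self.max_chain = max_chain  # optional multi-collision limit
        self.comparisons = 0

    def insert(self, key: bytes, value) -> None:
        chain = self.buckets[self.hash_fn(key) % len(self.buckets)]
        for entry in chain:
            self.comparisons += 1
            if entry[0] == key:
                entry[1] = value
                return
        if self.max_chain is not None and len(chain) >= self.max_chain:
            raise ValueError("collision limit exceeded, rejecting input")
        chain.append([key, value])


def insertion_cost(keys, hash_fn, max_chain=None) -> int:
    table = ChainedTable(hash_fn, max_chain=max_chain)
    for key in keys:
        table.insert(key, None)
    return table.comparisons


# Constructed sample input: 720 distinct keys, all permutations of b"abcdef".
COLLIDING_KEYS = [bytes(p) for p in itertools.permutations(b"abcdef")]
KEYED = make_keyed_hash(os.urandom(16))
```

With the unkeyed hash all 720 keys land in one bucket and insertion costs n(n-1)/2 comparisons; with the keyed hash the same keys spread across buckets, and with `max_chain` set the degenerate input is rejected early.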
Updated•12 years ago
Assignee: server-ops-devservices → nobody
Component: CVS: Administration → Security Assurance: Operations
OS: Windows 7 → All
QA Contact: shyam
Hardware: x86 → All
Updated•12 years ago
Assignee: nobody → yboily
Comment 2•12 years ago
Can you provide some additional details about the service you found this on (URL, hostname, etc.)?
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → INVALID
Updated•9 years ago
Component: Operations Security (OpSec): General → General
Product: mozilla.org → Enterprise Information Security