| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20120127154531.GA10996@adacore.com>
Date: Fri, 27 Jan 2012 16:45:31 +0100
From: Thomas Quinot <quinot@...core.com>
To: bugtraq@...urityfocus.com
Cc: Thomas Quinot <quinot@...core.com>
Subject: AdaCore Security Advisory SA-2012-L119-003 Hash collisions in AWS
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
AdaCore Security Advisory
=========================
SA-2012-L119-003 Hash collisions in AWS
Problem: Impacted versions of AWS store key/value pairs from submitted
form data in hash tables using a hash function that has
predictable collisions. As a result, a single specially crafted
HTTP request can cause the server to use hours of CPU time,
thus causing a denial of service.
Impact: All AWS releases and wavefronts prior to 2012-01-21
Status: This was fixed in AWS 2.11 and 2.10.2 on 2012-01-21
References: n.runs-SA-2011.004
http://www.nruns.com/_downloads/advisory28122011.pdf
Effective Denial of Service attacks against
web application platforms :: AWS round
http://ogrod2.blogspot.com/2012/01/28c3-effective-denial-of-service.html
AWS
http://www.adacore.com/home/products/gnatpro/add-on_technologies/web_technologies
http://forge.open-do.org/projects/aws/
History: 2012-01-27 First published
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk8iwlEACgkQK8Lr/hUfADYemQCdHUyHQWMRikkF2XO0n1KSINCt
NbYAoMyczgLV2Bt+aok73Cp90A8tBmEe
=XT3i
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists