Tag Archives: chaos communication congress

Attack code published for serious ASP.NET DoS vulnerability

DG News Service – Exploit code for a recently patched denial-of-service (DoS) vulnerability that affects Microsoft’s ASP.NET Web development platform has been published online, therefore increasing the risk of potential attacks.

The vulnerability, identified as CVE-2011-3414, was disclosed in December at the Chaos Communication Congress, Europe’s largest and oldest hacker conference. Shortly afterward, Microsoft published a security advisory and released an out-of-band patch for the flaw. Continue reading Attack code published for serious ASP.NET DoS vulnerability

Web Applications are vulnerable to HashDoS denial of service attack

Researchers presented information on a long standing vulnerability in most web application frameworks 28th Chaos Communication Congress security conference in Berlin, Germany, Earth, Milky Way.

The type of hashing used by PHP, Java, Python and JavaScript in this attack is not a cryptographic hash, it is a simple mathematical hash used to speed up storing a retrieving data posted to web pages.

Collisions in these hashes are expected and managed by the programming framework in a reliable way when not being abused. Continue reading Web Applications are vulnerable to HashDoS denial of service attack