[nsp-sec] Effective Denial of Service attacks against web application platforms
Thomas Hungenberg
th.lab at hungenberg.net
Wed Dec 28 09:09:04 EST 2011
Today, there was a presentation @ 28c3:

Effective Denial of Service attacks against web application platforms

--------------------------
This talk will show how a common flaw in the implementation of most of the
popular web programming languages and platforms (including PHP, ASP.NET,
Java, etc.) can be (ab)used to force web application servers to use 99% of
CPU for several minutes to hours for a single HTTP request.

This attack is mostly independent of the underlying web application and just
relies on a common fact of how web application servers typically work.
--------------------------

<http://events.ccc.de/congress/2011/Fahrplan/events/4680.en.html>

Microsoft has just published an advisory on this regarding ASP.NET:

Vulnerability in ASP.NET Could Allow Denial of Service
<http://technet.microsoft.com/en-us/security/advisory/2659883>

- Thomas
CERT-Bund Incident Response & Anti-Malware Team