At the international conference of specialists in IT-technologies
Chaos Communication Congress , a report by Alexander Klink (Alexander “alech”) and Julian Velde (Julian “zeri” Wälde), describing a number of serious vulnerabilities in popular web programming languages was published. Researchers associate most of the problems with incorrect processing of web forms and the possibility of hash table compromise, which can lead to a successful DOS attack on web servers with subsequent data theft, and significant resources are not required to organize an attack.
Researchers describe the essence of vulnerabilities as follows: web programming languages - such as PHP, ASP.NET, Java, Python, Ruby - have direct access to computer computing resources; Web applications written in these languages often process POST requests automatically, and if the application cannot use randomized hash functions, then an attacker can cause a hash value collision with a specially organized request, which can significantly load server computing resources .
Currently PHP 5, Java and ASP.NET (
UPD : patch released) are completely unprotected against the described attack, while PHP 4, Python, Ruby are partially vulnerable (the report says that most of the vulnerabilities are based on concepts that first appeared in 2003, however, only a fix appeared in Ruby in 2008, partially precluding exploitation), and the degree of danger depends on the 32-bit or 64-bit architecture used.
Curiously, Microsoft has already recognized the existence of a serious problem and released an emergency patch related to
Security Advisory 2659883 , which resolves the problem of hash functions in ASP.NET. The released patch is related to fixing the .NET platform on all currently supported versions of Windows, although no known incidents related to the operation of the problem are yet known.
')
An extremely detailed report with all the technical details can be found here - (
pdf )
UPD: the comment of the habrik user
kadukmm is connected with my already corrected inaccuracy.
[
Source ]