apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Luke Meyer <lme...@vmware.com>
Subject RE: Hash collision vectors in APR?
Date Wed, 22 Feb 2012 17:05:51 GMT
Funny how things escalate. Looks like someone turned this:

> Should we add some randomization to prevent abuse?

Into this:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0840
http://secunia.com/advisories/47862
"The vulnerability is caused due to an error within a hash generation function when hashing
form posts and updating a hash table. This can be exploited to cause a hash collision resulting
in high CPU consumption via a specially crafted form sent in a HTTP POST request."

Reeeallly?? I guess I missed the part where any actual error or exploit was found...
Mime
View raw message