wiredmikey (1824622) writes "Several vendors are working to resolve a hash collision vulnerability, which if exploited can trigger a denial-of-service condition on multiple platforms.
Hash tables are a commonly used data structure in most programming languages. Web application servers or platforms commonly parse attacker-controlled POST form data into hash tables automatically, so that they can be accessed by application developers.
The vulnerability has been discovered to impact PHP 5, Java,
At issue is the POST function, which can be perverted to trigger the DDoS, if targeted on a massive scale, or DoS if targeted from a single source.
According to n.runs AG, the research firm who discovered the issue, Any website running one of the above technologies which provides the option to perform a POST request is vulnerable to very effective DoS attacks.
As the attack is just a POST request, it could also be triggered from within a (third-party) website. This means that a cross-site-scripting vulnerability on a popular website could lead to a very effective DDoS attack.
The Ruby security team has addressed the issue, as well as Tomcat. Oracle says nothing needs to be done, and Microsoft has issued an advisory on the problems within ASP.NET."
Link to Original Source