Welcome! Log In Create A New Profile

Is nginx vulnerable to the Hash Table Vulnerability (n.runs AG)?

Forum List Message List New Topic Print View

Justin Hart

December 31, 2011 01:40PM

http://www.securityweek.com/hash-table-collision-attacks-could-trigger-ddos-massive-scale

Without going through the way nginx parses an incoming request, I'm unsure
if nginx isn't vulnerable to this, because of the availability to grab the
value of a GET parameter via
http://wiki.nginx.org/HttpCoreModule#.24arg_PARAMETER. My hope is that
especially if an $arg_PARAMETER isn't used in the config, it is not
vulnerable because it wouldn't even attempt to parse the parameters, but I
can't be sure.

Can anyone speak to this?
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
Is nginx vulnerable to the Hash Table Vulnerability (n.runs AG)?	Justin Hart	December 31, 2011 01:40PM
Re: Is nginx vulnerable to the Hash Table Vulnerability (n.runs AG)?	Maxim Dounin	December 31, 2011 07:36PM
Re: Is nginx vulnerable to the Hash Table Vulnerability (n.runs AG)?	agentzh	January 01, 2012 12:56AM
Re: Is nginx vulnerable to the Hash Table Vulnerability (n.runs AG)?	Justin Hart	January 01, 2012 01:00AM
Re: Is nginx vulnerable to the Hash Table Vulnerability (n.runs AG)?	agentzh	January 01, 2012 09:22AM
Re: Is nginx vulnerable to the Hash Table Vulnerability (n.runs AG)?	Nginx User	January 01, 2012 09:32AM
Re: Is nginx vulnerable to the Hash Table Vulnerability (n.runs AG)?	Sergey A. Osokin	January 01, 2012 01:40PM
Re: Is nginx vulnerable to the Hash Table Vulnerability (n.runs AG)?	agentzh	January 04, 2012 06:50AM
Re: Is nginx vulnerable to the Hash Table Vulnerability (n.runs AG)?	Nginx User	January 04, 2012 03:04PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 306

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018