Hey Hans,
Yeah, Suhosin will take care of this issue. Glad to hear you are running it!
- Ben
On Dec 29, 2011, at 6:19 PM, Hans C. Kaspersetz wrote:
> Ben,
>
> Thanks for the reply. I ran the PoC below against my servers and it looks
> like we are in ok shape. After reading your response, I
Ben,
Thanks for the reply. I ran the PoC below against my servers and it looks
like we are in ok shape. After reading your response, I contemplated the
options and realized that we are running Suhosin and are already managing
the max post|request variables. Dur...
Here is a bit more read
Hey,
Don't allow posts w/> ~100 k/v pairs. Don't allow larger uploads than is
necessary. As you mentioned, I guess limit script execution time.
Right now, there's some Snort signatures going around (Not sure if you run IDS,
etc). I've also heard people mention a mod_rewrite regex
to strip out t
Good morning,
I hope everyone has seen the news about the Hash Table Vulnerability in lots
of web scripting languages. You can read about it here:
http://www.securityweek.com/hash-table-collision-attacks-could-trigger-ddos-massive-scale
or here http://www.kb.cert.org/vuls/id/903934.
It lo