4 matches found
Ruby on Rails: Specially constructed multi-part requests cause multi-second response times; vulnerable to DoS
The multi-part body parsing in Rack, and consequently Rails, has worse-than-linear performance relative to the number of parts in the request body. In small-scale (i.e. non-disruptive) tests on a variety of Rails applications on the internet, including my own, GitHub.com, Heroku API, Instacart,...
Apache Tomcat 'MultipartStream' Class DoS Vulnerability - Linux
Apache Tomcat is prone to a denial of service (DoS) vulnerability. Copyright (C) 2016 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
Apache Struts 1 vulnerability that allows unintended remote operations against components on memory
Overview: The Apache Struts 1 ActionForm contains a vulnerability which allows unintended remote operations against components on server memory, such as Servlets and ClassLoader, when the following 2 conditions are met: Condition 1: When the following ActionForm including its subclasses are in the...
JVN#03188560: Apache Struts 1 vulnerability that allows unintended remote operations against components on memory
The Apache Struts 1 ActionForm contains a vulnerability which allows unintended remote operations against components on server memory, such as Servlets and ClassLoader, when the following 2 conditions are met: Condition 1: When the following ActionForm including its subclasses are in the session...