urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...

python: urllib: HTTP client possible infinite loop on a 100 Continue response

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability...

Regular Expression Denial Of Service (ReDoS)

url-regex is vulnerable to Regular Expression Denial of Service ReDoS. The attackers can send requests with very long strings to String.test to trigger an application crash by exhausting memory and high processing power...

UA-Parser Denial Of Service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 X41 D-SEC GmbH Security Advisory: X41-2018-009 ReDoS Vulnerability in UA-Parser ================================ Severity Rating: Medium Confirmed Affected Versions: 2015-05-14 and newer, commit 6fd6c261274254bcbbacd77ef4b12534c7f9923d Confirmed...

LocalTapiola: Secure Client-Initiated Renegotiation

Renegotiation can open the door to attacks. There are two primary worries: CVE-2009-3555: This vulnerability allows a “man-in-the-middle” attacker to inject data into an HTTPS session and execute requests on behalf of the victim. Refer to CVE-2009-3555 for more details. Denial of Service DoS:...

UBUNTU-CVE-2017-15010

A ReDoS regular expression denial of service flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU...

Understanding the Capacity Management Challenges of Database Monitoring Solutions

Database monitoring requires hardware resources such as storage space and processing power that can withstand the volume of database usage in your organization. A higher usage volume will require more resources. So how can you optimize the resources used by your database monitoring solution? Do y...

Skype Malware Stealing Victims' Processing Power to Mine Bitcoins

Bitcoin may still be a virtual unknown quantity for most people, but the digital currency has not escaped the notice of attackers, many of whom are turning their attention to finding ways to use the system for their own gains. The attacks against Bitcoin exchange Mt. Gox and hack of Instawallet...

The Hacker's Choice releases SSL DOS Tool

The Hacker's Choice releases SSL DOS Tool German hacker group "The Hacker's Choice" officially released a new DDoS tool. The tool exploits a weakness in SSL to kick a server off the Internet. Establishing a secure SSL connection requires 15x more processingpower on the server than on the...

Nvidia Powers World's Fastest Supercomputer with Over 7,000 GPUs

Chipmaker Nvidia announced that a new supercomputer built in China, powered by over 7,000 of its graphics processor units GPUs, is now the world's fastest. This supercomputer, constructed by the National University of Defense Technology and located at the National Supercomputing Center in Tianjin...