If the server is not designed to handle special conditions, it may end up blocking the entire app or the server while it analyses the input string.
A ReDoS attack slows the entire server rather than targeting a particular operation.
Of all the vulnerabilities in Node.js libraries and applications, 5% were ReDoS vulnerabilities, according to a research paper from 2017.
Cristian-Alexandru Staicu and Michael Pradel, researchers from the Technical University in Darmstadt, Germany, said that Node.js has 25 previously unknown vulnerabilities.
They also mentioned that an attacker could craft special exploit packages and attack websites or servers using any of these 25 libraries.
A vulnerable site exploited using these packages can freeze for minutes, and when this is done repeatedly it can bring the server down.
Approximately 340 sites are vulnerable to ReDoS attacks.
The good news is that some of the ReDoS issues have been patched.
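The blocking described at the start of this article can be measured directly. The following is an added example, not code from the article or from the researchers' paper: the two patterns, the near-miss input and the 64-character limit are constructed assumptions. It times a nested-quantifier pattern against a linear equivalent on the same input and shows a length-capped validator.

```javascript
// Constructed patterns for illustration; not taken from any library in the study.
// Nested quantifier: on a near-miss input the engine retries every way of
// splitting the run of "a"s, so the work roughly doubles per extra character.
const VULNERABLE = /^(a+)+$/;
// Accepts the same strings (one or more "a") without nesting: linear time.
const LINEAR = /^a+$/;
const MAX_INPUT_LENGTH = 64; // assumed limit for this hypothetical field

// Time one synchronous match in milliseconds. While test() runs, the
// single-threaded event loop cannot serve any other request.
function timeMatch(regex, input) {
  const start = process.hrtime.bigint();
  const matched = regex.test(input);
  const ms = Number(process.hrtime.bigint() - start) / 1e6;
  return { matched, ms };
}

// Constructed near-miss input: n "a"s, then a character that forces failure.
function nearMiss(n) {
  return 'a'.repeat(n) + '!';
}

// Matching time for each input length, to make the growth visible.
function growthTable(regex, lengths) {
  return lengths.map((n) => ({ n, ...timeMatch(regex, nearMiss(n)) }));
}

// Hardened validation: reject oversized input before any regex runs,
// then use the linear pattern.
function validate(input) {
  if (typeof input !== 'string' || input.length > MAX_INPUT_LENGTH) {
    return false;
  }
  return LINEAR.test(input);
}

// Small lengths only, so the demonstration itself finishes quickly.
const lengths = [16, 18, 20, 22];
console.log('nested quantifier:', growthTable(VULNERABLE, lengths));
console.log('linear pattern:   ', growthTable(LINEAR, lengths));
console.log('validate(nearMiss(22)):', validate(nearMiss(22)));
```

Running the same timing over an application's own patterns with long near-miss inputs is a quick way to find expressions that need rewriting or an input length limit.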