Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

mercredi 9 novembre 2011

Potential DoS threat against SSL/TLS servers (CERT-EU Security Advisory 2011-0007)

A hacker group has released a tool [1] that can perform denial of service attacks against SSL based servers. The released tool exploits a flaw in the SSL secure renegotiation feature. The attack requires very low resources at the client side, a single PC with a DSL connection might be enough to take all resources of an average SSL server. It will require more resources (about 20 laptops) to take the resources of larger server farms. This makes the threat more important than standard DoS attempts through resource exhaustion.

Lien vers l'article source

Auteur: Cert EU

Catégories: CertEUNombre de vues: 231

x

Événements SSI