More Resources
Recent Papers
Browse by Technology
Dev Log Archives
Developer Center |
Security Advisory SA-2012-L119-003: Hash collisions in AWS
Friday January 27, 2012
- Problem:
- Impacted versions of AWS store key/value pairs from submitted form data in hash tables using a hash function that has predictable collisions. As a result, a single specially crafted HTTP request can cause the server to use hours of CPU time, thus causing a denial of service.
- Impact:
- All AWS releases and wavefronts prior to 2012-01-21
- Status:
- This was fixed in AWS 2.11 and 2.10.2 on 2012-01-21
- References:
Posted
in AWS, Development Log