=== relates to: S4784

=== supercedes: S4784

=== on 4 May 2018, 11:38:29 Dinesh Bolkensteyn wrote:
The next step is to identify hard-coded regex that are vulnerable, against which externally-provided strings will be matched.

This should enable us to detect CVE-2015-2526, see \http://blog.malerisch.net/2015/09/net-mvc-redos-denial-of-service-vulnerability-cve-2015-2526.html

With both of these rules, we'll have full coverage of the ReDoS attack.