AllInfo

Hash collisions make DoS attacks on web servers possible

Multiple programming languages are vulnerable to a denial-of-service attack that works by causing hash collisions. A web server can be taken offline with a POST request. ASP.NET, PHP and Java, among others, are vulnerable.

The security company n.runs has disclosed the vulnerability. By abusing hash tables in programming languages, an attacker can fully occupy the CPU of a web server, so that other requests can no longer be served. To do this, hash collisions must be caused, in which multiple values have the same hash.

PHP5, Java and ASP.NET are vulnerable, as is the JavaScript engine V8, which is used by Node.js. In some cases PHP4, Python and Ruby are vulnerable as well; that depends on the version used and on whether the language is running on a 32-bit or 64-bit server.

Because many programming languages enforce a maximum script execution time by default, an attacker has to keep sending new hash collisions continuously. According to n.runs, an attack on a web server running PHP5 on a Core i7 processor takes 70 to 100 kilobits per second of bandwidth to keep a single core busy. With a gigabit connection, a single attacker could effectively take out as many as 10,000 cores in such a configuration.

Microsoft has acknowledged that ASP.NET is also vulnerable and has released an update for the Forefront firewall that should detect any attacks. Incidentally, not much later Microsoft announced an emergency patch that is to fix a critical Windows problem. That most likely concerns a different problem, however, since the desktop versions of Windows are affected.
