The article warns that after an incomplete fix for the React2Shell flaw, two new critical vulnerabilities have emerged in React Server Components—a denial‑of‑service and a source‑code exposure issue—detailing their triggers and urging immediate remediation for all affected projects.
This article explains what denial‑of‑service (DoS) attacks are, describes their underlying principles and common variants such as SYN, UDP, ICMP, and HTTP floods, and outlines comprehensive defense strategies including firewalls, IDS, CDN, multi‑active architectures, SYN cookies, rate limiting, and cloud‑based protection services.
This article demonstrates how oversized cookies and their attributes—expires, domain, path, and protocol—can be abused to inflate HTTP headers, trigger server‑side request‑size limits, and launch stealthy denial‑of‑service attacks via XSS and man‑in‑the‑middle techniques.
This guide shows how to create a tiny gzip‑compressed file, serve it with FastAPI, and exploit automatic decompression in Python's requests library to force a crawler to consume massive memory, effectively turning compression into a denial‑of‑service weapon.
This article explains what a Linux fork bomb is, shows the classic one‑liner shell code that creates it, breaks down each component of the command, and provides practical steps such as limiting user processes via ulimit and editing limits.conf to prevent system crashes.
This article explains how maliciously crafted regular expressions can cause catastrophic backtracking, leading to Regular Expression Denial of Service (ReDoS) attacks, illustrates the problem with code examples, and provides practical mitigation strategies for developers.
The article explains how a signed‑to‑unsigned integer overflow in IIS’s Read function bypasses size checks, leading to a zero‑length read that triggers the CVE‑2015‑1635 vulnerability in HTTP.sys, allowing attackers to crash the server with crafted Range requests.
A high‑severity Apache Tomcat denial‑of‑service flaw (CVE‑2021‑42340) discovered on 2021‑10‑15 scores 7.8, impacts multiple Tomcat releases, and can be mitigated by upgrading to the listed secure versions while following 360CERT's remediation guidance.
This article explains the tiny 13‑character Linux fork bomb that can exhaust system resources and cause a denial‑of‑service crash, demonstrates its effect on a cloud VM, and shows how to mitigate the threat using ulimit and limits.conf settings.
This article explains the technical details of Node.js CVE-2015-8027 and CVE-2015-6764 vulnerabilities, how they can be triggered through highWaterMark and HTTP UPGRADE misuse, and provides mitigation advice including version upgrades and Nginx filtering.
