<a href="http://www.securityweek.com/hash-table-collision-attacks-could-trigger-ddos-massive-scale">http://www.securityweek.com/hash-table-collision-attacks-could-trigger-ddos-massive-scale</a>
<div><br></div><div>Without going through the way nginx parses an incoming request, I'm unsure if nginx isn't vulnerable to this, because of the availability to grab the value of a GET parameter via <a href="http://wiki.nginx.org/HttpCoreModule#.24arg_PARAMETER">http://wiki.nginx.org/HttpCoreModule#.24arg_PARAMETER</a>. My hope is that especially if an $arg_PARAMETER isn't used in the config, it is not vulnerable because it wouldn't even attempt to parse the parameters, but I can't be sure.</div>
<div><br></div><div>Can anyone speak to this? </div>