Play Framework DoS Vulnerability in WS with OAuth 1.0 over TLS

[Will Sargent]

A denial of service (DoS) vulnerability has been found in the WS HTTP Client in Play when using the OAuth 1.0 functionality over TLS.

The vulnerability has been fixed in Play 2.5.11, and work arounds have been published for other Play versions.

For details on this vulnerability, including the workarounds, please see the vulnerability advisory on the Play website:

https://playframework.com/security/vulnerability/20170120-WSOAuthDoS

Thanks,

Will Sargent

Play Team, Lightbend