🔥 3-day streak
CompTIA PenTest+ (PT0-003)105 / 175
Question 105 of 175

During a web application assessment, a tester notices that a search feature validates user input against a regular expression on the server side. When the tester submits a long string of repeated characters ending in a non-matching character (e.g., 'aaaaaaaaaaaaaaaaaaaa!'), the server takes over 30 seconds to respond and CPU utilization spikes to 100%. Submitting shorter inputs returns instantly. Which vulnerability is the tester most likely exploiting?

Reviewed for accuracy · Report an issueNext question