FileUploadBase.parseHeaders() has logic and performance flaws: MultipartStream.readHeaders() already limits the total header size, so FileUploadBase.parseHeaders() doesn't have to limit each header as well (it can cause problems, and gains nothing). Furthermore, the current implementation would cause an ArrayOutOfBoundsException if a longer header would in fact be present, which is undocumented and would cause trouble in calling app. Finally, the local buffer which is the cause of this limit is not needed - copying into it just takes up more memory and cpu. A simple solution is using substrings rather than a buffer - substrings point into the same char buffer as the original (immutable) string, so no additional memory is used, no char copying is necessary, the undocumented exception will not occur, and the artificial max header size is no longer needed, so FileUpload can be more robust and flexible.