[CXF-7507] Put a configurable limit on the attachment header sizes - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 3.1.11
Fix Version/s: 3.0.16, 3.1.14, 3.2.1
Component/s: Core
Labels:
None

Estimated Complexity:
Novice

Description

There is one possible DOS vulnerability in the code ContentDisposition constructor.
In the codes , it will use the pattern to parse MIME content-disposition.
if the content-disposition content has more than 50000 chars,one radical example , 1 million , CPU usage of any web service
would be used up and reach over more than 98%.

please consider solve this issue asap.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

cxf-content-disposition.patch
21/Sep/17 13:03
19 kB
Colm O hEigeartaigh
0001-CXF-7507-Put-a-configurable-limit-on-the-MIME-header.patch
28/Sep/17 16:39
18 kB
Colm O hEigeartaigh

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: kevin.wang

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 15/Sep/17 15:08

Updated:: 28/Nov/17 10:40

Resolved:: 03/Oct/17 15:03