[CXF-7507] Put a configurable limit on the attachment header sizes - ASF JIRA

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 3.1.11
Fix Version/s: 3.0.16, 3.1.14, 3.2.1
Component/s: Core
Labels:
None

Estimated Complexity:
Novice

Description

There is one possible DOS vulnerability in the code ContentDisposition constructor.
In the codes , it will use the pattern to parse MIME content-disposition.
if the content-disposition content has more than 50000 chars,one radical example , 1 million , CPU usage of any web service
would be used up and reach over more than 98%.

please consider solve this issue asap.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending

Attachments

0001-CXF-7507-Put-a-configurable-limit-on-the-MIME-header.patch
28/Sep/17 16:39
18 kB
Colm O hEigeartaigh
cxf-content-disposition.patch
21/Sep/17 13:03
19 kB
Colm O hEigeartaigh

Activity

People

Assignee:

Colm O hEigeartaigh

Reporter:

kevin.wang

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

15/Sep/17 15:08

Updated:

28/Nov/17 10:40

Resolved:

03/Oct/17 15:03