Uploaded image for project: 'Commons FileUpload'
  1. Commons FileUpload
  2. FILEUPLOAD-212

Insecure request size checking

    XMLWordPrintableJSON

    Details

      Description

      In FileUploadBase there is an issue when checking for upload request size, the check is based on presence of Content-Length header in request and FALSE assumption that when present it will represent the actual request size. Using this fact, attacker can supply request with defined Content-Length of 60 and bypass file upload restrictions, which can lead to successful Resource Depletion type attack.

      IMHO by default file upload should return the LimitedInputStream implementation for file upload.

        Attachments

        1. FILEUPLOAD-212_fix.patch
          2 kB
          Thomas Neidhart
        2. FILEUPLOAD-212_test.patch
          14 kB
          Thomas Neidhart

          Issue Links

            Activity

              People

              • Assignee:
                tn Thomas Neidhart
                Reporter:
                fatfredyy Damian Kolasa
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 48h
                  48h
                  Remaining:
                  Remaining Estimate - 48h
                  48h
                  Logged:
                  Time Spent - Not Specified
                  Not Specified