You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "kevin.wang (JIRA)" <ji...@apache.org> on 2017/09/15 15:09:00 UTC
[jira] [Created] (CXF-7507) DoS Vulnerability
kevin.wang created CXF-7507:
-------------------------------
Summary: DoS Vulnerability
Key: CXF-7507
URL: https://issues.apache.org/jira/browse/CXF-7507
Project: CXF
Issue Type: Bug
Components: Core
Affects Versions: 3.1.11
Reporter: kevin.wang
Priority: Critical
There is one possible DOS vulnerability in the code ContentDisposition constructor.
In the codes , it will use the pattern to parse MIME content-disposition.
if the content-disposition content has more than 1M chars, CPU usage of any web service
would be used up and reach over more than 98%.
please consider solve this issue asap.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)