Posted to issues@cxf.apache.org by "kevin.wang (JIRA)" <ji...@apache.org> on 2017/09/15 15:09:00 UTC

[jira] [Created] (CXF-7507) DoS Vulnerability

kevin.wang created CXF-7507:
-------------------------------

             Summary: DoS Vulnerability
                 Key: CXF-7507
                 URL: https://issues.apache.org/jira/browse/CXF-7507
             Project: CXF
          Issue Type: Bug
          Components: Core
    Affects Versions: 3.1.11
            Reporter: kevin.wang
            Priority: Critical


There is one possible DoS vulnerability in the code of the ContentDisposition constructor.
In the code, it uses a pattern to parse the MIME content-disposition.
If the content-disposition content has more than 1M chars, the CPU of any web service
would be used up, with usage reaching more than 98%.

Please consider solving this issue ASAP.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
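
An added example, not part of the original report and not CXF code: one way to bound the cost of parsing a Content-Disposition value is to reject oversized input and split parameters in a single forward pass instead of applying a pattern. The class name, the 8192-character cap and the sample headers are assumptions made for illustration; the report does not show the pattern CXF uses.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;

// Hypothetical class for illustration; not CXF's ContentDisposition.
public final class BoundedContentDispositionParser {
    static final int MAX_HEADER_CHARS = 8192; // assumed cap, tune per deployment
    // Returns the disposition type under the key "" and parameters by lower-cased name.
    public static Map<String, String> parse(String header) {
        if (header == null || header.length() > MAX_HEADER_CHARS) {
            throw new IllegalArgumentException("Content-Disposition missing or over limit");
        }
        Map<String, String> out = new LinkedHashMap<>();
        int n = header.length(), i = 0;
        while (i < n) {
            int start = i;
            boolean quoted = false;
            // One forward pass to the next ';' outside quotes: O(n), no backtracking.
            for (; i < n && (quoted || header.charAt(i) != ';'); i++) {
                char c = header.charAt(i);
                if (quoted && c == '\\') {
                    i++; // skip the escaped character
                } else if (c == '"') {
                    quoted = !quoted;
                }
            }
            String seg = header.substring(start, Math.min(i, n)).trim();
            i++; // step over the ';'
            int eq = seg.indexOf('=');
            if (out.isEmpty()) {
                out.put("", seg.toLowerCase(Locale.ROOT));
            } else if (eq > 0) {
                String val = seg.substring(eq + 1).trim();
                boolean q = val.length() >= 2 && val.startsWith("\"") && val.endsWith("\"");
                out.put(seg.substring(0, eq).trim().toLowerCase(Locale.ROOT),
                        q ? val.substring(1, val.length() - 1) : val);
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed inputs: a normal header, then one with 1M chars as in the report.
        System.out.println(parse("form-data; name=\"file\"; filename=\"a;b.txt\""));
        try {
            parse("attachment; filename=" + new String(new char[1_000_000]));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Surrounding quotes are stripped from parameter values, while backslash escapes inside them are left as written.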