Posted to users@tomcat.apache.org by A Name <ab...@gmail.com> on 2023/02/28 16:24:44 UTC

CVE2023-24998 configuration

Just to confirm - I saw you incorporated fixes for that CVE into recent
Tomcats.

Is there a setting in Server or Web.xml for these or do they need to be set
programmatically within an application using the functions in
Commons-FileUpload?

Abt

Re: CVE2023-24998 configuration

Posted by A Name <ab...@gmail.com>.
Thanks Mark.  I had trouble breaking down where to set the param.  My
customer may want it lower just for their own internal requirements.

On Tue, Feb 28, 2023 at 12:10 PM Mark Thomas <ma...@apache.org> wrote:

> The default (limit of 10,000 for combined total of query parameters and
> upload parts) should be sufficient to mitigate the issue.
>
> You can, of course, set the limit lower if you like (maxParameterCount
> on the Connector(s) in server.xml).
>
> Mark
>
>
> On 28/02/2023 16:24, A Name wrote:
> > Just to confirm - I saw you incorporated fixes for that CVE into recent
> > Tomcats.
> >
> > Is there a setting in Server or Web.xml for these or do they need to be set
> > programmatically within an application using the functions in
> > Commons-FileUpload?
> >
> > Abt
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Re: CVE2023-24998 configuration

Posted by Mark Thomas <ma...@apache.org>.
The default (limit of 10,000 for combined total of query parameters and 
upload parts) should be sufficient to mitigate the issue.

You can, of course, set the limit lower if you like (maxParameterCount 
on the Connector(s) in server.xml).

Mark


On 28/02/2023 16:24, A Name wrote:
> Just to confirm - I saw you incorporated fixes for that CVE into recent
> Tomcats.
> 
> Is there a setting in Server or Web.xml for these or do they need to be set
> programmatically within an application using the functions in
> Commons-FileUpload?
> 
> Abt
> 

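
An added example, not part of the original thread and not Tomcat's own code: a Python check that reads a server.xml and reports each Connector's effective maxParameterCount against a site ceiling, for the case raised above where a lower limit is wanted. The sample server.xml, the ceiling of 1000 and the function name are constructed; the 10,000 default is the figure given in the reply above, and treating a negative value as "no limit" follows the Tomcat Connector documentation.

```python
import xml.etree.ElementTree as ET

# Default as stated in the reply in this thread (assumption for other releases).
TOMCAT_DEFAULT = 10_000

# Constructed sample server.xml, not taken from any real deployment.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxParameterCount="500" />
    <Connector port="8009" protocol="AJP/1.3" maxParameterCount="-1" />
    <Engine name="Catalina" defaultHost="localhost" />
  </Service>
</Server>
"""

def audit_connectors(server_xml, ceiling, default=TOMCAT_DEFAULT):
    """Return one (port, effective_limit, status) tuple per <Connector>."""
    findings = []
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        port = conn.get("port", "?")
        raw = conn.get("maxParameterCount")
        if raw is None:
            # Attribute absent: the connector falls back to the built-in default.
            limit, explicit = default, False
        else:
            try:
                limit, explicit = int(raw.strip()), True
            except ValueError:
                # For example a ${property} placeholder that needs manual review.
                findings.append((port, None, "INVALID"))
                continue
        if limit < 0:
            status = "UNLIMITED"  # negative value disables the limit entirely
        elif limit > ceiling:
            status = "ABOVE_CEILING" if explicit else "DEFAULT_ABOVE_CEILING"
        else:
            status = "OK"
        findings.append((port, limit, status))
    return findings

if __name__ == "__main__":
    for port, limit, status in audit_connectors(SAMPLE_SERVER_XML, ceiling=1000):
        print(f"Connector port={port}: maxParameterCount={limit} -> {status}")
```

The check has to cover every Connector because the attribute is set per connector, so one left unset or set negative is not covered by a lower value on another.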