Gerard Bouchar created NUTCH-2561:

             Summary: protocol-http can be made to read arbitrarily large HTTP 
                 Key: NUTCH-2561
             Project: Nutch
          Issue Type: Sub-task
            Reporter: Gerard Bouchar

protocol-http limits the size of the HTTP response body. However
 * There is no limit over the size of the HTTP headers it reads. A bogus server 
could send an infinite stream of different HTTP headers and cause the fetcher 
to go out of memory, or send the same HTTP header repeatedly and cause the 
fetcher to timeout.
 * The same goes for the HTTP status line: no check is made concerning its size.

This can be both a performance and a security problem

This message was sent by Atlassian JIRA

Reply via email to