[
https://issues.apache.org/jira/browse/CXF-7507?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
kevin.wang updated CXF-7507:
----------------------------
Description:
There is one possible DOS vulnerability in the code ContentDisposition
constructor.
In the codes , it will use the pattern to parse MIME content-disposition.
if the content-disposition content has more than 50000 chars,one radical
example , 1 million , CPU usage of any web service
would be used up and reach over more than 98%.
please consider solve this issue asap.
was:
There is one possible DOS vulnerability in the code ContentDisposition
constructor.
In the codes , it will use the pattern to parse MIME content-disposition.
if the content-disposition content has more than 1M chars, CPU usage of any web
service
would be used up and reach over more than 98%.
please consider solve this issue asap.
> DoS Vulnerability
> -----------------
>
> Key: CXF-7507
> URL: https://issues.apache.org/jira/browse/CXF-7507
> Project: CXF
> Issue Type: Bug
> Components: Core
> Affects Versions: 3.1.11
> Reporter: kevin.wang
> Priority: Critical
>
> There is one possible DOS vulnerability in the code ContentDisposition
> constructor.
> In the codes , it will use the pattern to parse MIME content-disposition.
> if the content-disposition content has more than 50000 chars,one radical
> example , 1 million , CPU usage of any web service
> would be used up and reach over more than 98%.
> please consider solve this issue asap.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
