Mark Thomas wrote:
Yep, a one line fix was required. Fixed in trunk and 7.0.x and will be
in 7.0.28 omwards.
Mark
I have confirmed that this issue is fixed in tomcat 7 trunk.
Thank you Mark.
--
Kanatoko
http://www.jumperz.net/
---
On 08/05/2012 10:56, Mark Thomas wrote:
> On 08/05/2012 10:28, André Warnier wrote:
>> Christopher Schultz wrote:
>>> -BEGIN PGP SIGNED MESSAGE-
>>> Hash: SHA1
>>>
>>> Mark,
>>>
>>> On 5/7/12 5:21 PM, Mark Thomas wrote:
> Christopher Schultz wrote:
Tomcat only processes these reque
On 08/05/2012 10:28, André Warnier wrote:
> Christopher Schultz wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> Mark,
>>
>> On 5/7/12 5:21 PM, Mark Thomas wrote:
Christopher Schultz wrote:
>>> Tomcat only processes these requests for Servlet 3.0 file upload
>>> and there are a
Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mark,
On 5/7/12 5:21 PM, Mark Thomas wrote:
Christopher Schultz wrote:
Tomcat only processes these requests for Servlet 3.0 file upload
and there are already sufficient limits in place for that case to
prevent a DoS.
A
I had some tests on a servlet with @MultipartConfig and getParts()
and find that the hash collision attack was still in place.
Parameters like below cause the problem.
*
--abc
Content-Disposition: form-data; name="EyEyEyEyEyEyEyEyEyEyEyEyEyE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mark,
On 5/7/12 5:21 PM, Mark Thomas wrote:
>> Christopher Schultz wrote:
>
> Tomcat only processes these requests for Servlet 3.0 file upload
> and there are already sufficient limits in place for that case to
> prevent a DoS.
Aah, right: multipart
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 07/05/2012 22:22, Christopher Schultz wrote:
> André,
>
> On 5/7/12 5:10 PM, André Warnier wrote:
>> Christopher Schultz wrote:
>>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
>>>
>>> Mark,
>>>
>>> On 5/6/12 5:05 AM, Mark Thomas wrote:
On
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
André,
On 5/7/12 5:10 PM, André Warnier wrote:
> Christopher Schultz wrote:
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
>>
>> Mark,
>>
>> On 5/6/12 5:05 AM, Mark Thomas wrote:
>>> On 05/05/2012 12:25, Kanatoko wrote:
Hello list,
On 07/05/2012 22:10, André Warnier wrote:
> Christopher Schultz wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> Mark,
>>
>> On 5/6/12 5:05 AM, Mark Thomas wrote:
>>> On 05/05/2012 12:25, Kanatoko wrote:
Hello list,
It seems that the Connector attribute "maxParameterC
Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mark,
On 5/6/12 5:05 AM, Mark Thomas wrote:
On 05/05/2012 12:25, Kanatoko wrote:
Hello list,
It seems that the Connector attribute "maxParameterCount" is not
applied to multipart requests.
Correct. This is by design.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mark,
On 5/6/12 5:05 AM, Mark Thomas wrote:
> On 05/05/2012 12:25, Kanatoko wrote:
>> Hello list,
>>
>> It seems that the Connector attribute "maxParameterCount" is not
>> applied to multipart requests.
>
> Correct. This is by design.
Doesn't that
On 05/05/2012 12:25, Kanatoko wrote:
> Hello list,
>
> It seems that the Connector attribute "maxParameterCount" is not applied
> to multipart requests.
Correct. This is by design.
> (And, the default value is -1, maybe it should be 1.)
Wrong. The default is 1, as per the documentation.
12 matches
Mail list logo
