2011/12/30 Christopher Schultz <ch...@christopherschultz.net>:
>
> On 12/30/11 4:35 AM, Gadi Katsovich wrote:
>> I am using Tomcat 5.5.30 and am affected by the hashtable collision
>> DoS vulnerability.
>
> Just wondering: are you actually under attack, or are you just saying
> that you are vulnerable?
>
> I would venture a guess that most sites are currently vulnerable, as
> 7.0.23 is a somewhat recent release (and has a nasty bug which is
> easily corrected with trivial configuration) and 6.0.34 was never
> released.

If you haven't noticed yet, there is 6.0.35.

> 5.5.x does not yet have a release version that includes the fix.
>
> Something you can do in the meantime is to limit the max POST size to
> something less than the default (which is 2MiB)... maybe 100KiB or
> whatever will meet your webapp's requirements.
>

Best regards,
Konstantin Kolinko