commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From August Detlefsen <>
Subject Commons-fileupload temp files
Date Wed, 10 Mar 2010 03:57:06 GMT
I think I have discovered a bug in commons-fileupload: If your browser 
crashes during the course of the upload, a turd (partial file) is left 
in the temp directory. It never gets deleted or copied to the final 
destination. Thus you could fill up their temp directory and DOS 
someone's file upload capability by:

   1. Start uploading a large file
   2. Kill the browser before the max size limit is reached
   3. Repeat N times

This was tested using FireFox 3.6.x


August Detlefsen
CEO/Web Application Architect
CodeMagi, Inc.

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message