tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 54076] SPNEGO authenticator's stateless-ness leads to a DoS with stateful clients
Date Tue, 30 Oct 2012 16:34:59 GMT

--- Comment #1 from Mark Thomas <> ---
Is that really a DoS (in that the server is unavailable to other clients) or do
you mean that the client gets stuck in an infinite loop?

For a DoS, the resources used by Tomcat need to be out of proportion to the
number of requests. i.e. If a client just sending a request again and again
uses roughly the same server resources as this case then it is not a DoS. The
report does not (at this point) sound like a DoS.

You are receiving this mail because:
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message