tomcat-dev mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: [SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS
Date Thu, 06 Feb 2014 17:15:52 GMT

Mark,

On 2/6/14, 6:37 AM, Mark Thomas wrote:
> Mitigation:
> [...]
> - Limit the size of the Content-Type header to less than 4091 bytes

Just confirming that I've read this properly: limiting the size of the
content-type *header* to 4901 bytes? So, don't accept "Content-Type: [4k
worth of data]" as a header?

Thanks,
-chris

