Hi there,

a security scan done with IBM AppScan indicates that SimpleHttpClient can be vulnerable to DoS.

    in = new BufferedReader(new InputStreamReader(connection.getInputStream()));
    boolean readInput = true;
    while (readInput) {
        readInput = StringUtils.isNotBlank(in.readLine());
    }

This part of the code reads the buffer without considering the length of the stream, so if there are no spaces in it, we can have an out-of-memory error; if we have spaces with a huge buffer, the app server can close the connection, giving a DoS. This is the result of a static analysis. I think it would be useful to share.
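One way to bound the read loop reported above, as an added example that is not part of the original message and is not CAS code. The class name BoundedDrain, the method drain and both limits are hypothetical; the inputs in main are constructed.

```java
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;

public class BoundedDrain {
    // Hypothetical limits; size them to the largest response the caller expects.
    static final int MAX_LINE_BYTES = 8 * 1024;
    static final int MAX_TOTAL_BYTES = 64 * 1024;
    // Same stop condition as the loop in the post (first blank line or EOF),
    // but no line is ever held in memory and both caps are enforced.
    static int drain(InputStream raw) throws IOException {
        InputStream in = new BufferedInputStream(raw); // fixed-size buffer
        int total = 0, lineLen = 0, b;
        boolean blank = true;
        while ((b = in.read()) != -1) {
            if (++total > MAX_TOTAL_BYTES) {
                throw new IOException("response larger than " + MAX_TOTAL_BYTES + " bytes");
            }
            if (b == '\n') {
                if (blank) {
                    return total; // blank line ends the read, as in the original
                }
                lineLen = 0;
                blank = true;
            } else {
                if (++lineLen > MAX_LINE_BYTES) {
                    throw new IOException("line longer than " + MAX_LINE_BYTES + " bytes");
                }
                blank &= Character.isWhitespace(b);
            }
        }
        return total;
    }

    public static void main(String[] args) throws IOException {
        // Constructed inputs: a short response, then 1 MiB with no line break.
        byte[] ok = "yes\nuser\n\ntrailing".getBytes(StandardCharsets.US_ASCII);
        System.out.println("consumed " + drain(new ByteArrayInputStream(ok)) + " bytes");
        byte[] flood = new byte[1024 * 1024];
        java.util.Arrays.fill(flood, (byte) 'A');
        try {
            drain(new ByteArrayInputStream(flood));
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

On a real connection, URLConnection.setConnectTimeout and setReadTimeout additionally bound how long a slow sender can hold the calling thread.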