Hi there, a security scan done with IBM AppScan indicates that SimpleHttpClient
can be vulnerable to DoS.
    in = new BufferedReader(new InputStreamReader(connection.getInputStream()));
    boolean readInput = true;
    // readLine() buffers an entire line; the loop ends at EOF or at the first blank line
    while (readInput) {
        readInput = StringUtils.isNotBlank(in.readLine());
    }
This part of the code reads the buffer without considering the length of the
stream, so if there are no spaces in it we can have an out-of-memory error; if we
have spaces with a huge buffer the app server can close the connection, giving a
DoS.
This is the result of a static analysis.
I think it would be useful to share.

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
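
As an added example (not the poster's code and not CAS's own SimpleHttpClient), one way to bound the loop quoted above without rewriting it: wrap the connection's InputStream in a byte-counting FilterInputStream that fails as soon as a cap is exceeded, so readLine() can never accumulate more than the cap no matter how the peer formats the body. The class and constant names (BoundedResponseDrain, CappedInputStream, MAX_RESPONSE_BYTES, ResponseTooLargeException) are hypothetical, the cap value is an assumption, and isNotBlank stands in for StringUtils.isNotBlank so the file compiles without Commons Lang. The inputs in main are constructed, not captured traffic.

```java
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

/** Added example: caps how much of an HTTP response the line-reading loop may consume. */
public final class BoundedResponseDrain {

    /** Assumed cap (hypothetical); size it for the responses your endpoints really send. */
    static final long MAX_RESPONSE_BYTES = 64L * 1024;

    /** Raised when the peer sends more than the cap. */
    static final class ResponseTooLargeException extends IOException {
        ResponseTooLargeException(long limit) {
            super("response exceeded " + limit + " bytes");
        }
    }

    /** Counts bytes passing through and fails once the cap is exceeded. */
    static final class CappedInputStream extends FilterInputStream {
        private final long limit;
        private long count;

        CappedInputStream(InputStream in, long limit) {
            super(in);
            this.limit = limit;
        }

        @Override
        public int read() throws IOException {
            int b = in.read();
            if (b != -1) {
                account(1);
            }
            return b;
        }

        @Override
        public int read(byte[] buf, int off, int len) throws IOException {
            // Never request more than the remaining allowance plus one byte,
            // so the first byte over the cap is what trips the check.
            long allowed = limit - count + 1;
            int n = in.read(buf, off, (int) Math.min(len, allowed));
            if (n > 0) {
                account(n);
            }
            return n;
        }

        private void account(long n) throws IOException {
            count += n;
            if (count > limit) {
                throw new ResponseTooLargeException(limit);
            }
        }
    }

    /** The loop from the post, unchanged except that it runs over the capped stream. */
    static void drainResponse(InputStream raw) throws IOException {
        BufferedReader in = new BufferedReader(new InputStreamReader(
                new CappedInputStream(raw, MAX_RESPONSE_BYTES), StandardCharsets.UTF_8));
        boolean readInput = true;
        while (readInput) {
            readInput = isNotBlank(in.readLine());
        }
    }

    /** Stand-in for StringUtils.isNotBlank: null and whitespace-only strings are blank. */
    static boolean isNotBlank(String s) {
        return s != null && !s.trim().isEmpty();
    }

    public static void main(String[] args) throws IOException {
        // Constructed inputs: a short normal reply, and a 1 MiB body with no
        // newline at all, which readLine() would otherwise buffer whole.
        byte[] small = "OK\r\n\r\n".getBytes(StandardCharsets.UTF_8);
        byte[] huge = new byte[1024 * 1024];
        Arrays.fill(huge, (byte) 'A');

        drainResponse(new ByteArrayInputStream(small));
        System.out.println("small response drained");

        try {
            drainResponse(new ByteArrayInputStream(huge));
            System.out.println("unexpected: huge response drained");
        } catch (ResponseTooLargeException e) {
            System.out.println("huge response rejected: " + e.getMessage());
        }
    }
}
```

The cap only bounds memory; a peer that trickles bytes slowly still ties up the thread, so pair it with a read timeout on the connection (for HttpURLConnection, setReadTimeout) and treat ResponseTooLargeException as a failed endpoint call rather than a success.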