(My apologies if this has been discussed already.)

A slow HTTP headers vulnerability was reported by a scanner tool, on Tomcat 8.5.54.

There might not be any perfect solution to address this issue, but I wanted to 
understand some of the best practices to mitigate this vulnerability.

https://stackoverflow.com/questions/49442855/mitigating-slow-http-post-vulnerability-on-tomcat-8

Some recommendations from the above link seem reasonable ("We reduced the 
connectionTimeout="8000" and scan is passed" - this didn't sound very 
convincing, though). Is there anything more that can be done to address this?

We're trying to avoid putting a reverse proxy in front of Tomcat, as we do have 
our own pass-through proxy, but it doesn't have any special capabilities to 
avoid this vulnerability like some reverse proxies (e.g. nginx) have.

Appreciate the inputs here.

Thanks,
Amit
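As an added illustration of the connectionTimeout mitigation the linked answer refers to (this is example configuration, not the poster's server.xml or Tomcat's shipped default), the fragment below shows an HTTP/1.1 NIO Connector in Tomcat 8.5 with the socket-level limits that bound how long a client can hold a connection open while dribbling in a request. connectionTimeout="8000" is the value quoted from the linked answer; the port and every other value are assumptions chosen for illustration and should be sized to the real workload. All attribute names are documented Tomcat 8.5 HTTP Connector attributes.

```xml
<!-- conf/server.xml, inside <Service name="Catalina"> -->
<!-- Example Connector (constructed for illustration; not the poster's configuration). -->
<Connector port="8080"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           redirectPort="8443"

           <!-- Socket read timeout in ms while waiting for the request line and
                headers after accept(). A slow-header client that sends nothing
                for 8 s is disconnected; the value is the one quoted from the
                linked answer, not a recommendation for every deployment. -->
           connectionTimeout="8000"

           <!-- Disable the default that leaves uploads unbounded, and apply a
                separate read timeout (ms) to the request body (assumed value). -->
           disableUploadTimeout="false"
           connectionUploadTimeout="10000"

           <!-- Idle keep-alive connections are closed sooner than the default
                (which equals connectionTimeout), freeing slots for new clients
                (assumed values). -->
           keepAliveTimeout="5000"
           maxKeepAliveRequests="100"

           <!-- Cap the bytes Tomcat will buffer for a request's headers; an
                oversized or endlessly growing header set is rejected instead of
                held (assumed value; default is 8192). -->
           maxHttpHeaderSize="8192"

           <!-- Bound total concurrent connections and the accept backlog so a
                burst of held-open sockets cannot exhaust the connector
                (assumed values). -->
           maxConnections="10000"
           acceptCount="100"
           maxThreads="200" />
```

The effect of connectionTimeout can be confirmed without any tooling beyond a plain TCP client: open one connection to the port, send nothing, and the server should close it once the timeout elapses. Note that these settings only limit how long each slow connection can occupy a slot; they do not reduce the number of slots a determined client can occupy in parallel, which is why maxConnections and acceptCount are set alongside the timeouts and why the linked discussion still points at a reverse proxy for stronger protection.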
