Gadi Katsovich <[email protected]> wrote: >Hello All, >I am using Tomcat 5.5.30 and am affected by the hashtable collision DoS >vulnerability. >I wanted to know if the Request parameter parsing is always invoked? > >Or is it only performed once a servlet asks for a parameter? Meaning if >my servlets don't ask for a parameter, then no hashing, then no >vulnerability? > > > >Thank you.
For all Tomcat versions, parameters are only parsed when required. Ie if nothing tries to read a parameter name or value then the parameters will not be parsed. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
