Gadi,

On 12/30/11 4:35 AM, Gadi Katsovich wrote:
> I am using Tomcat 5.5.30 and am affected by the hashtable collision
> DoS vulnerability.

Just wondering: are you actually under attack, or are you just saying that you are vulnerable?

I would venture a guess that most sites are currently vulnerable, as 7.0.23 is a somewhat recent release (and has a nasty bug which is easily corrected with trivial configuration) and 6.0.34 was never released. 5.5.x does not yet have a release version that includes the fix.

Something you can do in the meantime is to limit the max POST size to something less than the default (which is 2MiB)... maybe 100KiB or whatever will meet your webapp's requirements.

-chris
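
One way to check a server.xml for the mitigation suggested above, as an added example that is not part of the original message: it reports each Connector's effective POST limit against the 2 MiB default and the 100 KiB ceiling mentioned in the message. The sample file is constructed, the function name is hypothetical, and `maxPostSize` is the Tomcat Connector attribute that sets this limit.

```python
import xml.etree.ElementTree as ET

DEFAULT_MAX_POST = 2 * 1024 * 1024   # Tomcat default the message refers to (2 MiB)
TARGET_MAX_POST = 100 * 1024         # the 100 KiB ceiling suggested in the message

# Constructed sample server.xml, not taken from any real deployment.
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8443" protocol="HTTP/1.1" maxPostSize="102400" />
    <Connector port="8081" protocol="HTTP/1.1" maxPostSize="0" />
    <Connector port="8009" protocol="AJP/1.3" maxPostSize="4194304" />
  </Service>
</Server>
"""

def audit_connectors(server_xml, ceiling=TARGET_MAX_POST):
    """Return (port, effective_limit, verdict) for every <Connector>."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port", "?")
        raw = conn.get("maxPostSize")
        try:
            # An absent attribute means the connector runs with the default.
            limit = DEFAULT_MAX_POST if raw is None else int(raw)
        except ValueError:
            findings.append((port, None, "unparseable"))
            continue
        if limit <= 0:
            # Tomcat 5.5 treats values <= 0 as "no limit" (later versions differ for 0).
            verdict, limit = "unlimited", None
        elif limit > ceiling:
            verdict = "too large"
        else:
            verdict = "ok"
        findings.append((port, limit, verdict))
    return findings

if __name__ == "__main__":
    for port, limit, verdict in audit_connectors(SAMPLE_SERVER_XML):
        print(f"connector {port}: maxPostSize={limit} -> {verdict}")
```

The limit applies to POST bodies that Tomcat parses into request parameters, so pick the ceiling from the largest form the webapp legitimately submits.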