On 21/01/2012 12:02, David Jorm wrote: > The point of my question was to check whether my understanding of the > CVE-2012-0022 issue is complete, i.e. whether the issue is just slow > processing leading to a DoS when a very large number of parameters is > received with a request.
Correct. CVE-2012-0022 relates solely to the number of parameters being processed. > , or whether there is some further complexity that I have overlooked. Not that the Tomcat security team is aware of. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
