0 Replies Latest reply on Sep 15, 2014 4:19 AM by subeer.dhingra

    POST parameters using org.apache.tomcat.util.http.Parameters.MAX_COUNT

    subeer.dhingra
    subeer.dhingra Sep 15, 2014 4:19 AM

      I am using JBoss EAP 6.3.

       

      The default parameter length in POST accepted by JBoss is 512. We can change it using the org.apache.tomcat.util.http.Parameters.MAX_COUNT in system-properties.

      Is it safe to use it and does JBoss EAP 6.3 handle the java hash vulnerabilities inside the container?

       

      We have large XML file which needs to be uploaded and we have to increase the default parameter length for org.apache.tomcat.util.http.Parameters.MAX_COUNT.

      Just wanted to confirm if it can lead to DoS(Denial of Service) if its used by a hacker in some wrong way.

      • 467 Views
      • Categories: Configure, Secure
      • Tags: