0 Replies Latest reply on Sep 15, 2014 4:19 AM by Subeer Dhingra

    POST parameters using org.apache.tomcat.util.http.Parameters.MAX_COUNT

    Subeer Dhingra Newbie

      I am using JBoss EAP 6.3.

       

      The default parameter length in POST accepted by JBoss is 512. We can change it using the org.apache.tomcat.util.http.Parameters.MAX_COUNT in system-properties.

      Is it safe to use it and does JBoss EAP 6.3 handle the java hash vulnerabilities inside the container?

       

      We have large XML file which needs to be uploaded and we have to increase the default parameter length for org.apache.tomcat.util.http.Parameters.MAX_COUNT.

      Just wanted to confirm if it can lead to DoS(Denial of Service) if its used by a hacker in some wrong way.