Details
Description
Fetching the URL
http://localhost:8080/auctionMonitor/auctionMonitor.jspx
causes extremely hight CPU consumption, possibly until the maximum stack depth is reached.
This could be used as a denial of service attack. Other DOS attacks on ICEfaces are possible, but this one is particularly inexpensive for the attacker because a single HTTP request causes significant CPU load.
Stop overridding the JSP compiler for *.jspx pages because Sun RI's ViewHandler relies on the JSP compiler to execute them.
Commit #16642 for the trunk.