ICEfaces
  1. ICEfaces
  2. ICE-3043

dispatcher forwarding loop

          Details

          • Type: Bug Bug
          • Status: Closed
          • Priority: Major Major
          • Resolution: Fixed
          • Affects Version/s: 1.7
          • Fix Version/s: 1.7.1
          • Component/s: Framework
          • Labels:
            None
          • Environment:
            ICEfaces

            Description


            Fetching the URL

            http://localhost:8080/auctionMonitor/auctionMonitor.jspx

            causes extremely hight CPU consumption, possibly until the maximum stack depth is reached.

            This could be used as a denial of service attack. Other DOS attacks on ICEfaces are possible, but this one is particularly inexpensive for the attacker because a single HTTP request causes significant CPU load.


              Activity

              Descending order - Click to sort in ascending order
              Ken Fyten made changes -
              Status Resolved [ 5 ] Closed [ 6 ]
              Assignee Priority P2
              Assignee Mircea Toma [ mircea.toma ]
              Ken Fyten made changes -
              Priority Critical [ 2 ] Major [ 3 ]
              Ken Fyten made changes -
              Security Private [ 10001 ]
              Mircea Toma made changes -
              Status Open [ 1 ] Resolved [ 5 ]
              Resolution Fixed [ 1 ]
              Ken Fyten made changes -
              Fix Version/s 1.7.1 [ 10122 ]
              Assignee Priority P2
              Assignee Ken Fyten [ ken.fyten ] Mircea Toma [ mircea.toma ]
              Priority Major [ 3 ] Critical [ 2 ]
              Ted Goddard made changes -
              Field Original Value New Value
              Assignee Ken Fyten [ ken.fyten ]
              Ted Goddard created issue -

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  Ted Goddard
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  0 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: