Specially crafted SWA request can take down server with OOM #77

glassfishrobot · 2014-12-02T13:17:29Z

Currently there is no protection against malicious SWA requests where the SOAP part of the request is specially crafted to consume as much memory as possible on the server (in the XML parser). This might lead to OOM and system unavailability. We have created a fix (lets you set max size of body part) that can be found here: https://github.com/digipost/saaj/commit/1e65b801508e6be12ece76120dd00ad04022f4c0

Affected Versions

[current]

glassfishrobot · 2014-12-02T13:17:29Z

Reported by slandro

glassfishrobot · 2014-12-02T13:17:29Z

Was assigned to gagordon

glassfishrobot · 2017-04-24T13:02:51Z

This issue was imported from java.net JIRA SAAJ-77

glassfishrobot added Type: Bug Priority: Major Component: code ERR: Assignee labels Apr 24, 2017

glassfishrobot self-assigned this Apr 24, 2017

Tomas-Kraus mentioned this issue Sep 24, 2018

Specially crafted SWA request can take down server with OOM eclipse-ee4j/metro-saaj#77

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Specially crafted SWA request can take down server with OOM #77

Specially crafted SWA request can take down server with OOM #77

glassfishrobot commented Dec 2, 2014

glassfishrobot commented Dec 2, 2014

glassfishrobot commented Dec 2, 2014

glassfishrobot commented Apr 24, 2017

Specially crafted SWA request can take down server with OOM #77

Specially crafted SWA request can take down server with OOM #77

Comments

glassfishrobot commented Dec 2, 2014

Affected Versions

glassfishrobot commented Dec 2, 2014

glassfishrobot commented Dec 2, 2014

glassfishrobot commented Apr 24, 2017