On 06/02/2014 17:15, Christopher Schultz wrote:
> Mark,
>
> On 2/6/14, 6:37 AM, Mark Thomas wrote:
>> Mitigation: [...] - Limit the size of the Content-Type header to
>> less than 4091 bytes
>
> Just confirming that I've read this properly: limiting the size of
> the content-type *header* to 4901 bytes? So, don't accept
> "Content-Type: [4k worth of data]" as a header?

Correct. It is actually a little more specific than that but broadly, yes.

Mark