Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-2133

CVE-2022-2053: Large AJP request may cause DoS

    XMLWordPrintable

Details

    Description

      When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy marking the backend worker (application server) as an error state and not forward requests to the worker for a while.

      Attachments

        Activity

          People

            jaslee@redhat.com Jason Lee
            jaslee@redhat.com Jason Lee
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: