[jboss-jira] [JBoss JIRA] (WFCORE-1057) Management console/CLI does not limit the size of uploaded file
Lin Gao (JIRA)
issues at jboss.org
Tue Nov 3 02:26:00 EST 2015
[ https://issues.jboss.org/browse/WFCORE-1057?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Lin Gao updated WFCORE-1057:
----------------------------
Security: (was: Red Hat Internal)
> Management console/CLI does not limit the size of uploaded file
> ---------------------------------------------------------------
>
> Key: WFCORE-1057
> URL: https://issues.jboss.org/browse/WFCORE-1057
> Project: WildFly Core
> Issue Type: Enhancement
> Components: CLI, Domain Management
> Affects Versions: 2.0.0.CR6
> Reporter: Lin Gao
> Assignee: Lin Gao
> Attachments: WFCORE-1057-Management-console-CLI-does-not-limit-th.patch
>
>
> "JBoss management console does not restrict file uploads. A remote attacker could use this flaw to upload a large file through the management console, exhausting all available disk space."
> CLI does not limit the size of the uploaded file either, so both 'http' and 'remote' management interface should be fixed.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list