[jboss-jira] [JBoss JIRA] (WFCORE-1057) Management console/CLI does not limit the size of uploaded file
Lin Gao (JIRA)
issues at jboss.org
Mon Nov 30 22:53:00 EST 2015
[ https://issues.jboss.org/browse/WFCORE-1057?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Lin Gao closed WFCORE-1057.
---------------------------
Resolution: Won't Fix
It's not feasible to create a robust feature, since there are lots of un-certain aspects.
See: http://wildfly-development.1055759.n5.nabble.com/Shall-we-limit-size-of-the-deployment-in-WildFly-td5716508i20.html#a5716585
> Management console/CLI does not limit the size of uploaded file
> ---------------------------------------------------------------
>
> Key: WFCORE-1057
> URL: https://issues.jboss.org/browse/WFCORE-1057
> Project: WildFly Core
> Issue Type: Enhancement
> Components: CLI, Domain Management
> Affects Versions: 2.0.0.CR6
> Reporter: Lin Gao
> Assignee: Lin Gao
> Attachments: WFCORE-1057-Management-console-CLI-does-not-limit-th.patch
>
>
> "JBoss management console does not restrict file uploads. A remote attacker could use this flaw to upload a large file through the management console, exhausting all available disk space."
> CLI does not limit the size of the uploaded file either, so both 'http' and 'remote' management interface should be fixed.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list