Skip to content

DOS vulnerability by sending a request with many many headers #256

New issue
New issue
Closed
#290
Closed
DOS vulnerability by sending a request with many many headers#256
#290
Labels
A-headersArea: headers.A-serverArea: server.
@reem

Description

@reem
reem
opened on Jan 19, 2015

We currently only check for the size of a single header field rather than all headers combined, this means a malicious client can send a request with thousands of headers and quickly consume a lot of memory on the server before the user of hyper can even access the request to reject it.

Metadata

Metadata

Assignees

No one assigned

    Labels

    A-headersArea: headers.A-serverArea: server.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions