DEVHIDE
Login Or Sign up

Denial of Service ReadLine vulnerability for spring java application

753 Views Asked by At

In my spring java application, scan tool is showing vulnerability for Denial of Service: ReadLine for ModelAttribute ("someFormBean")

      @RequestMapping(method = RequestMethod.POST)
      public String processForm(@Valid @ModelAttribute("someFormBean") MultipleForm form, /*Source*/
              BindingResult bindingResult, Model model, HttpServletRequest request) {
         return processForm(form, bindingResult, model);
     }

What does it mean? How to fix this?

java spring request-mapping denial-of-service crlf-vulnerability
Original Q&A
1

There are 1 best solutions below

0
On BEST ANSWER

It seems that this is the answer: https://vulncat.fortify.com/en/detail?id=desc.dataflow.abap.denial_of_service

To quote:

code reads a String from a zip file. Because it uses the readLine() method, it will read an unbounded amount of input. An attacker may take advantage of this code to cause an OutOfMemoryException or to consume a large amount of memory so that the program spends more time performing garbage collection or runs out of memory during some subsequent operation.

Probably your scanner knows (or thinks it knows) how such an attribute is implemented in Spring, so throws this inspection warning. If you could add any details as to: which scanner tool is it, what version it has, which modules/configuration settings, etc. - it would be easier to reason about this message.

Related Questions in JAVA

Related Questions in SPRING

Related Questions in REQUEST-MAPPING

Related Questions in DENIAL-OF-SERVICE

Related Questions in CRLF-VULNERABILITY

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.