Details

      Description

      Any user with permission to create a DDM form with validation can make the portal unavailable.

      The same can be reproduced using DDMFormEvaluatorServlet for any user.

      Probable cause: DDMExpressionImpl uses MathContext.UNLIMITED to parse incoming data.

      Steps to reproduce
      1. Download, compile and run the attached DDMFormEvaluatorDoS.java
      2. Go to http://localhost:8080

      Expected result: Portal still works
      Actual result: Portal is not responsive


      CVSS Base Score: 7.8
      CVSS Temporal Score: 6.7
      CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:U/RC:UC)
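
One way to bound decimal arithmetic on untrusted expression input, given the probable cause named above. This is an added example, not Liferay's code or its fix; the class name BoundedDecimal, the limits and the sample inputs are assumptions.

```java
import java.math.BigDecimal;
import java.math.MathContext;

// Added example (hypothetical class, not Liferay code): arithmetic on
// untrusted numbers with a fixed precision instead of MathContext.UNLIMITED.
public class BoundedDecimal {

    // Assumed limits; size them to what form validation really needs.
    static final MathContext CONTEXT = MathContext.DECIMAL128; // 34 digits
    static final int MAX_LITERAL_LENGTH = 64;
    static final int MAX_ABS_SCALE = 100;

    // Parse one untrusted numeric literal and reject values whose digits or
    // exponent would make later unlimited-precision operations expensive.
    static BigDecimal parse(String literal) {
        if (literal == null || literal.length() > MAX_LITERAL_LENGTH) {
            throw new IllegalArgumentException("numeric literal too long");
        }
        // Throws NumberFormatException (an IllegalArgumentException) if malformed.
        BigDecimal value = new BigDecimal(literal.trim());
        if (Math.abs((long) value.scale()) > MAX_ABS_SCALE) {
            throw new IllegalArgumentException("exponent out of range");
        }
        return value.round(CONTEXT);
    }

    // Every operation passes the bounded context, so results never grow
    // beyond 34 significant digits regardless of the operands.
    static BigDecimal add(BigDecimal a, BigDecimal b) { return a.add(b, CONTEXT); }
    static BigDecimal multiply(BigDecimal a, BigDecimal b) { return a.multiply(b, CONTEXT); }
    static BigDecimal divide(BigDecimal a, BigDecimal b) { return a.divide(b, CONTEXT); }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the issue.
        String[] samples = {"12.50", "1e3", "1e500000000", "abc"};
        BigDecimal one = BigDecimal.ONE;
        for (String s : samples) {
            try {
                BigDecimal v = parse(s);
                System.out.println(s + " -> accepted, v + 1 = " + add(v, one)
                    + ", v / 3 = " + divide(v, new BigDecimal(3)));
            } catch (IllegalArgumentException e) {
                System.out.println(s + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

Rejecting at parse time keeps the cost of each request proportional to the input length, and the fixed context also makes non-terminating divisions return a rounded result instead of throwing ArithmeticException.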
      

                  Packages

                  Version Package
                  7.0.0 Beta 8