HTTP multi-header compression denial of service
Medium
## Vulnerability Details
A server can send an HTTP response with many occurrences of Transfer-Encoding and/or Content-Encoding headers. Each listed encoding allocates a buffer. The number of encodings listed within each header is already limited, but the number of headers is not, allowing an HTTP response to consume all available memory.
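The gap described above, as an added example that is not part of the original report or of the affected project's code; the limit value, function names and sample response are assumptions. It contrasts a counter that resets on every header line with one counter kept for the whole response.

```python
# Added illustration: MAX_ENCODINGS and all names here are assumptions,
# not values or identifiers taken from the report.
MAX_ENCODINGS = 5  # assumed cap on stacked decoders

ENCODING_HEADERS = {"transfer-encoding", "content-encoding"}


class TooManyEncodings(Exception):
    """Raised when a response asks for more decoders than allowed."""


def count_decoders(header_lines, cumulative):
    """Return how many decoder buffers the response would allocate.

    cumulative=False models the flawed check: the counter restarts for
    every header line, so only a single header is bounded.
    cumulative=True models the corrected check: one counter covers every
    Transfer-Encoding and Content-Encoding header in the response.
    """
    total = 0
    for line in header_lines:
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() not in ENCODING_HEADERS:
            continue
        per_header = 0
        for token in value.split(","):
            if not token.strip():
                continue  # ignore empty list elements
            per_header += 1
            total += 1
            checked = total if cumulative else per_header
            if checked > MAX_ENCODINGS:
                raise TooManyEncodings(
                    f"{checked} encodings exceed limit {MAX_ENCODINGS}")
    return total


# Constructed sample: every header line stays within the per-header limit,
# but the response as a whole requests 3000 decoder buffers.
SAMPLE = ["HTTP/1.1 200 OK"] + ["Content-Encoding: gzip, gzip, gzip"] * 1000
```

With `cumulative=False` the sample passes the check and 3000 buffers would be allocated; with `cumulative=True` the response is rejected at the sixth encoding.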
## Impact
Consumes all available memory, resulting in a DoS.
## Report Stats
- Report ID: 1886139
- State: Closed
- Substate: resolved
- Upvotes: 5