You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If the request body buffer is empty (after the grace period of 10s) the TCP connection is closed. The grace period is reset whenever the request body buffer is reduced from full capacity.
This should allow the server to take its time reading the request body, but not permit the client to force it to doing so.
Current versions of Callimachus have been determined to be susceptible to the "Slow HTTP POST vulnerability":
https://community.qualys.com/blogs/securitylabs/2011/07/07/identifying-slow-http-attack-vulnerabilities-on-web-applications
Adjust the timeouts on our connections to avoid this vulnerability.
The text was updated successfully, but these errors were encountered: