Comment Re:If using PHP5, change max_input_time (Score 1) 156
An easy solution to this was pointed out in that article: limit the number of input parameters.
And Apache Tomcat already has a release that does just this with a customizable property. The default is set to 10,000 parameters. If you use Tomcat as your servlet engine, then it should be resolved with 7.0.23 or 6.0.35.
A direct quote from the article:
The Ruby Security Team was very helpful in addressing this issue and both CRuby and JRuby provide updates for this issue with a randomized hash function (CRuby 1.8.7-p357, JRuby 1.6.5.1, CVE-2011-4815).
Oracle has decided there is nothing that needs to be fixed within Java itself, but will release an updated version of Glassfish in a future CPU (Oracle Security ticket S0104869).
Tomcat has released updates (7.0.23, 6.0.35) for this issue which limit the number of request parameters using a configuration parameter. The default value of 10.000 should provide sufficient protection.