A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.
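The check pattern described above, as an added C example that is not the extension's actual source: the function names, the 32-bit length type and the 16 MiB limit are assumptions chosen for illustration. It shows a wrapped product passing the size check and two overflow-safe forms rejecting the same value.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical byte limit (16 MiB); not a value from the advisory. */
#define MAX_REQUEST_BYTES (16u * 1024u * 1024u)

/* Flawed pattern: multiply first, compare second. The 32-bit product
 * wraps modulo 2^32, so a huge length can look like a tiny byte count. */
static bool length_ok_flawed(uint32_t len_units)
{
    uint32_t bytes = len_units * 4u;
    return bytes <= MAX_REQUEST_BYTES;
}

/* Hardened: compare in length units, so nothing is multiplied at all. */
static bool length_ok_checked(uint32_t len_units)
{
    return len_units <= MAX_REQUEST_BYTES / 4u;
}

/* Alternative: widen to 64 bits before multiplying, then compare. */
static bool length_ok_widened(uint32_t len_units)
{
    uint64_t bytes = (uint64_t)len_units * 4u;
    return bytes <= MAX_REQUEST_BYTES;
}

int main(void)
{
    /* Constructed sample lengths: small, at the limit, just over the
     * limit, and one whose product wraps to 4 bytes. */
    const uint32_t samples[] = { 1024u, 0x00400000u, 0x00400001u, 0x40000001u };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t n = samples[i];
        printf("len=0x%08x flawed=%d checked=%d widened=%d\n",
               (unsigned)n, length_ok_flawed(n),
               length_ok_checked(n), length_ok_widened(n));
    }
    return 0;
}
```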
Credits
Red Hat would like to thank Julian Suleder and Nils Emmerich for reporting this issue.