Config files : Restrictions removed: DOS attack possible

DOS-attack is possible. Traditional DOS-attack in which the attacker makes a huge number of requests to the application are easy to prevent at network level. The attacks that are more dangerous are ones related to the insecure application logic allowing to disrupt its work with a small amount of specially designed requests. In particular, the application functionality where the user determines the amount of time or system resources used to process his/her request is dangerous.

Removing various restrictions, such as the size of an uploaded file or a POST request, makes it easier for an attacker to perform a DOS attack.