Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-3092

Опубликовано: 04 июл. 2016
Источник: debian

Описание

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libcommons-fileupload-javafixed1.3.2-1package
tomcat7fixed7.0.70-1package
tomcat8fixed8.0.36-1package
tomcat9not-affectedpackage

Примечания

  • Fixed by https://svn.apache.org/r1743480

  • Upstream advisory http://markmail.org/message/oyxfv73jb2g7rjg3

  • https://mail-archives.us.apache.org/mod_mbox/www-announce/201606.mbox/%3C6223ece6-2b41-ef4f-22f9-d3481e492832@apache.org%3E

Связанные уязвимости

ubuntu логотип

CVE-2016-3092

CVSS3: 7.5
ubuntu
больше 9 лет назад

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

redhat логотип

CVE-2016-3092

CVSS3: 7.5
redhat
больше 9 лет назад

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

nvd логотип

CVE-2016-3092

CVSS3: 7.5
nvd
больше 9 лет назад

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

github логотип

GHSA-fvm3-cfvj-gxqq

CVSS3: 7.5
github
почти 7 лет назад

High severity vulnerability that affects commons-fileupload:commons-fileupload

fstec логотип

BDU:2016-01698

CVSS3: 7.3
fstec
больше 9 лет назад

Уязвимость библиотеки Сommons FileUpload, позволяющая нарушителю вызвать отказ в обслуживании