CVE-2016-3092

Опубликовано: 04 июл. 2016

Источник: nvd

CVSS3: 7.5

CVSS2: 7.8

EPSS Средний

Описание

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:hp:icewall_identity_manager:5.0:*:*:*:*:*:*:*

cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.28:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.30:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.32:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.33:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.35:*:*:*:*:*:*:*

Конфигурация 4

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*

Конфигурация 6

cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:*

Версия до 1.3.1 (включая)

Конфигурация 7

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

Конфигурация 8

Одно из

cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.5:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.68:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.69:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.40246

Средний

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2016-3092

CVSS3: 7.5

ubuntu

почти 9 лет назад

CVE-2016-3092

CVSS3: 7.5

redhat

почти 9 лет назад

CVE-2016-3092

CVSS3: 7.5

debian

почти 9 лет назад

The MultipartStream class in Apache Commons Fileupload before 1.3.2, a ...

GHSA-fvm3-cfvj-gxqq

CVSS3: 7.5

github

больше 6 лет назад

High severity vulnerability that affects commons-fileupload:commons-fileupload

BDU:2016-01698

fstec

почти 9 лет назад

Уязвимость библиотеки Сommons FileUpload, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 97%

0.40246

Средний

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-20