CVE-2025-48976

Опубликовано: 16 июн. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload.

This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4.

Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.

Ссылки

https://lists.apache.org/thread/fbs3wrr3p67vkjcxogqqqqz45pqtso12
Mailing List
Vendor Advisory
http://www.openwall.com/lists/oss-security/2025/06/16/4
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:*

Версия от 1.0 (включая) до 1.6 (исключая)

cpe:2.3:a:apache:commons_fileupload:2.0.0:m1:*:*:*:*:*:*

cpe:2.3:a:apache:commons_fileupload:2.0.0:m1-rc1:*:*:*:*:*:*

cpe:2.3:a:apache:commons_fileupload:2.0.0:m2:*:*:*:*:*:*

cpe:2.3:a:apache:commons_fileupload:2.0.0:m2-rc1:*:*:*:*:*:*

cpe:2.3:a:apache:commons_fileupload:2.0.0:m3:*:*:*:*:*:*

cpe:2.3:a:apache:commons_fileupload:2.0.0:m3-rc1:*:*:*:*:*:*

EPSS

Процентиль: 23%

0.00074

Низкий

7.5 High

CVSS3

Дефекты

CWE-770

Связанные уязвимости

CVE-2025-48976

CVSS3: 7.5

ubuntu

2 месяца назад

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.

CVE-2025-48976

CVSS3: 5.3

redhat

2 месяца назад

CVE-2025-48976

CVSS3: 7.5

debian

2 месяца назад

Allocation of resources for multipart headers with insufficient limits ...

SUSE-SU-2025:02184-1

suse-cvrf

около 2 месяцев назад

Security update for jakarta-commons-fileupload

SUSE-SU-2025:02159-1

suse-cvrf

около 2 месяцев назад

Security update for apache-commons-fileupload

EPSS

Процентиль: 23%

0.00074

Низкий

7.5 High

CVSS3

Дефекты

CWE-770