CVE-2014-0050

Published: 06 Feb 2014
Source: redhat
CVSS2: 5
EPSS: Critical

Description

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.

A denial of service flaw was found in the way Apache Commons FileUpload, which is embedded in Tomcat and JBoss Web, handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing Tomcat to enter an infinite loop when processing such an incoming request.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat BPM Suite 6 | commons-fileupload | Affected | | |
| Red Hat Developer Toolset 2.0 | devtoolset-2-tomcat | Not affected | | |
| Red Hat Enterprise Linux 5 | jakarta-commons-fileupload | Under investigation | | |
| Red Hat Enterprise Linux 7 | tomcat | Not affected | | |
| Red Hat JBoss BRMS 5 | commons-fileupload | Will not fix | | |
| Red Hat JBoss BRMS 6 | commons-fileupload | Affected | | |
| Red Hat JBoss Data Grid 6 | jbossweb | Not affected | | |
| Red Hat JBoss Data Virtualization 6 | jbossweb | Not affected | | |
| Red Hat JBoss Enterprise Web Server 1 | commons-fileupload | Will not fix | | |
| Red Hat JBoss Enterprise Web Server 1 | eap-4 | Will not fix | | |

Additional information

Status:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1062337 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream

EPSS

Percentile: 100%
0.92594
Critical

5 Medium

CVSS2

Related vulnerabilities

ubuntu
about 11 years ago

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.

nvd
about 11 years ago

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.

debian
about 11 years ago

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as use ...

github
more than 6 years ago

Commons FileUpload Denial of service vulnerability

CVSS3: 6.3
fstec
about 11 years ago

Vulnerability in the MultipartStream.java file of the Apache Commons FileUpload library that allows an attacker to cause a denial of service
