Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-3092

Опубликовано: 21 июн. 2016
Источник: redhat
CVSS3: 7.5
CVSS2: 4.3
EPSS Средний

Описание

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5tomcat5Not affected
Red Hat Enterprise Linux 6tomcat6Not affected
Red Hat JBoss Data Grid 6jbosswebAffected
Red Hat JBoss Data Virtualization 6jbosswebAffected
Red Hat JBoss Enterprise Application Platform 4jbosswebNot affected
Red Hat JBoss Enterprise Application Platform 5jbosswebNot affected
Red Hat JBoss Enterprise Web Server 1tomcat5Not affected
Red Hat JBoss Enterprise Web Server 1tomcat6Not affected
Red Hat JBoss Enterprise Web Server 2tomcat6Not affected
Red Hat JBoss Enterprise Web Server 3tomcat7Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1349468tomcat: Usage of vulnerable FileUpload package can result in denial of service

EPSS

Процентиль: 97%
0.40246
Средний

7.5 High

CVSS3

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-3092

CVSS3: 7.5
ubuntu
почти 9 лет назад

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

nvd логотип

CVE-2016-3092

CVSS3: 7.5
nvd
почти 9 лет назад

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

debian логотип

CVE-2016-3092

CVSS3: 7.5
debian
почти 9 лет назад

The MultipartStream class in Apache Commons Fileupload before 1.3.2, a ...

github логотип

GHSA-fvm3-cfvj-gxqq

CVSS3: 7.5
github
больше 6 лет назад

High severity vulnerability that affects commons-fileupload:commons-fileupload

fstec логотип

BDU:2016-01698

fstec
почти 9 лет назад

Уязвимость библиотеки Сommons FileUpload, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 97%
0.40246
Средний

7.5 High

CVSS3

4.3 Medium

CVSS2