Описание
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.
Note that, like all of the file upload limits, the
new configuration option (FileUploadBase#setFileCountMax) is not
enabled by default and must be explicitly configured.
A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.
While Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| A-MQ Clients 2 | log4j | Not affected | ||
| A-MQ Clients 2 | tomcat | Not affected | ||
| Migration Toolkit for Applications 6 | org.keycloak-keycloak-parent | Will not fix | ||
| Red Hat AMQ Broker 7 | artemis | Not affected | ||
| Red Hat build of Debezium 1 | commons-fileupload | Will not fix | ||
| Red Hat Data Grid 8 | commons-fileupload | Will not fix | ||
| Red Hat Data Grid 8 | tomcat | Will not fix | ||
| Red Hat Decision Manager 7 | drools-core | Out of support scope | ||
| Red Hat Decision Manager 7 | tomcat | Out of support scope | ||
| Red Hat Enterprise Linux 6 | tomcat6 | Out of support scope |
Показывать по
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.
Apache Commons FileUpload before 1.5 does not limit the number of requ ...
EPSS
6.5 Medium
CVSS3