
CVE-2025-48976

Published: 16 Jun 2025
Source: redhat
CVSS3: 5.3
EPSS: Low

Description

A denial-of-service (DoS) vulnerability has been discovered in the Apache Commons FileUpload library. The flaw stems from insufficient limits placed on multipart headers during file uploads. A remote attacker could exploit this by sending a specially crafted request with an excessively large number of multipart headers. This malicious input can lead to uncontrolled memory consumption within applications utilizing the library, exhausting system resources and causing a denial of service.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

Platform                                          | Package                      | State        | Recommendation | Release
A-MQ Clients 2                                    | commons-fileupload           | Fix deferred |                |
OpenShift Developer Tools and Services            | jenkins                      | Fix deferred |                |
Red Hat build of Apache Camel for Spring Boot 4   | commons-fileupload           | Fix deferred |                |
Red Hat build of Apache Camel for Spring Boot 4   | commons-fileupload2-core     | Fix deferred |                |
Red Hat build of Apache Camel for Spring Boot 4   | commons-fileupload2-jakarta  | Fix deferred |                |
Red Hat build of Apicurio Registry 2              | commons-fileupload           | Fix deferred |                |
Red Hat build of Apicurio Registry 3              | commons-fileupload           | Fix deferred |                |
Red Hat build of Debezium 2                       | commons-fileupload           | Fix deferred |                |
Red Hat build of Debezium 3                       | commons-fileupload           | Fix deferred |                |
Red Hat Data Grid 8                               | commons-fileupload           | Fix deferred |                |

Additional information

Status: Moderate
Weakness: CWE-770
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2373020
apache-commons-fileupload: Apache Commons FileUpload DoS via part headers

EPSS

Percentile: 3%
Score: 0.00018
Low

CVSS3

5.3 Medium

Related vulnerabilities

CVSS3: 7.5
nvd
2 days ago

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.

CVSS3: 7.5
debian
2 days ago

Allocation of resources for multipart headers with insufficient limits ...

github
2 days ago

Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers