Описание
Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | needs-triage | |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/noble | needs-triage | |
| esm-apps/xenial | needs-triage | |
| jammy | needs-triage | |
| noble | needs-triage | |
| oracular | needs-triage | |
| plucky | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | needs-triage | |
| esm-apps/noble | needs-triage | |
| jammy | DNE | |
| noble | needs-triage | |
| oracular | needs-triage | |
| plucky | needs-triage | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | needs-triage | |
| jammy | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/noble | not-affected | |
| jammy | needs-triage | |
| noble | not-affected | 9.0.70-2ubuntu0.1 |
| oracular | not-affected | |
| plucky | not-affected | |
| upstream | released | 9.0.70-2 |
Показывать по
Ссылки на источники
EPSS
7.5 High
CVSS3
Связанные уязвимости
A denial-of-service (DoS) vulnerability has been discovered in the Apache Commons FileUpload library. The flaw stems from insufficient limits placed on multipart headers during file uploads. A remote attacker could exploit this by sending a specially crafted request with an excessively large number of multipart headers. This malicious input can lead to uncontrolled memory consumption within applications utilizing the library, exhausting system resources and causing a denial of service.
Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.
Allocation of resources for multipart headers with insufficient limits ...
Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers
EPSS
7.5 High
CVSS3