Skip to content

Commons FileUpload Denial of service vulnerability

High severity GitHub Reviewed Published Dec 21, 2018 to the GitHub Advisory Database • Updated Mar 5, 2024

Package

maven commons-fileupload:commons-fileupload (Maven)

Affected versions

< 1.3.1

Patched versions

1.3.1
maven org.apache.tomcat:tomcat (Maven)
>= 8.0.0-RC1, <= 8.0.1
>= 7.0.0, <= 7.0.50
8.0.3
7.0.52

Description

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.

References

Published by the National Vulnerability Database Apr 1, 2014
Published to the GitHub Advisory Database Dec 21, 2018
Reviewed Jun 16, 2020
Last updated Mar 5, 2024

Severity

High

EPSS score

21.046%
(97th percentile)

Weaknesses

CVE ID

CVE-2014-0050

GHSA ID

GHSA-xx68-jfcg-xmmf

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.