CVE-2014-0050 – commons-fileupload:commons-fileupload
Package
Manager: maven
Name: commons-fileupload:commons-fileupload
Vulnerable Version: >=0 <1.3.1
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.92877 (percentile: 0.99757)
Details
Commons FileUpload Denial of service vulnerability
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
Metadata
Created: 2018-12-21T17:51:42Z
Modified: 2024-03-05T19:13:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/12/GHSA-xx68-jfcg-xmmf/GHSA-xx68-jfcg-xmmf.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-xx68-jfcg-xmmf
Finding: F184
Auto approve: 1