CVE-2016-3092 – commons-fileupload:commons-fileupload

Package

Manager: maven
Name: commons-fileupload:commons-fileupload
Vulnerable Version: >=0 <1.3.2

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.44747 pctl0.97492

Details

High severity vulnerability that affects commons-fileupload:commons-fileupload The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

Metadata

Created: 2018-12-21T17:47:47Z
Modified: 2021-07-19T15:57:47Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/12/GHSA-fvm3-cfvj-gxqq/GHSA-fvm3-cfvj-gxqq.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-fvm3-cfvj-gxqq
Finding: F184
Auto approve: 1