Apache commons-fileupload 1.3.1 was released this weekend with a fix for CVE-2014-0050, involving a DoS attack when using specially crafted multipart requests. We need to determine if Confluence is vulnerable, and if so, upgrade to this version of the library.

Affected configurations

Vulners

Node

atlassianconfluence_data_centerRange≤5.4.3

atlassianconfluence_data_centerRange<5.4.4

atlassianconfluence_data_centerRange<5.4-OD-20

VendorProductVersionCPE
atlassianconfluence_data_center*cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
atlassian	confluence_data_center	*	cpe:2.3:a:atlassian:confluence_data_center::::::::

debian 2

securityvulns 5

openvas 35

veracode 1

ibm 45

atlassian 2

debiancve 1

nessus 46

packetstorm 1

seebug 2

redhat 13

f5 2

exploitpack 1

mageia 2

prion 1

nvd 1

jvn 1

fedora 2

checkpoint_advisories 1

ubuntucve 1

github 1

cve 1

tomcat 2

zdt 1

suse 1

amazon 2

osv 5

cvelist 1

metasploit 1

exploitdb 1

gentoo 2

vmware 4

threatpost 1

oraclelinux 4

huawei 1

centos 2

ubuntu 1

symantec 1

oracle 2

debian

[SECURITY] [DSA 2856-1] libcommons-fileupload-java security update

2014-02-07 22:59:08

[SECURITY] [DSA 2897-1] tomcat7 security update

2014-04-08 18:25:14

securityvulns

[SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS

2014-03-31 00:00:00

[security bulletin] HPSBGN03329 rev.1 - HP SDN VAN Controller, Remote Denial of Service (DoS), Distributed Denial of Service (DDoS)

2015-05-11 00:00:00

HP SDN VAN Controller DoS

2015-05-11 00:00:00

openvas

Mageia: Security Advisory (MGASA-2014-0109)

2022-01-28 00:00:00

Fedora Update for apache-commons-fileupload FEDORA-2014-2183

2014-02-20 00:00:00

SUSE: Security Advisory (SUSE-SU-2014:0548-1)

2021-06-09 00:00:00

veracode

Denial Of Service (DoS) By An Infinite Loop Causing CPU Consumption

2019-01-15 08:58:15

ibm

Security Bulletin: DataQuant for WebSphere is affected by a vulnerability in Apache Commons FileUpload (CVE-2014-0050)

2021-02-12 21:24:38

Security Bulletin: Denial of Service attack possible on Cúram instances using Apache Commons FileUpload (CVE-2014-0050)

2018-07-02 12:08:36

Security Bulletin: Apache Commons FileUpload is vulnerable to a denial of service (CVEID: CVE-2014-0050) in IBM Content Manager Services for Lotus Quickr

2018-06-17 12:08:08

atlassian

Security vulnerability in apache commons fileupload

2014-02-10 05:56:15

Security vulnerability in apache commons fileupload

2014-02-10 05:56:15

debiancve

CVE-2014-0050

2014-04-01 06:27:51

nessus

Mandriva Linux Security Advisory : apache-commons-fileupload (MDVSA-2014:056)

2014-03-14 00:00:00

Fedora 20 : apache-commons-fileupload-1.3-5.fc20 (2014-2175)

2014-02-18 00:00:00

openSUSE Security Update : jakarta-commons-fileupload (openSUSE-SU-2014:0528-1)

2014-06-13 00:00:00

packetstorm

Apache Commons FileUpload and Apache Tomcat Denial of Service

2024-08-31 00:00:00

seebug

Apache Commons FileUpload/Apache Tomcat拒绝服务漏洞

2014-02-13 00:00:00

Apache Commons FileUpload and Apache Tomcat - Denial-of-Service

2014-07-01 00:00:00

redhat

(RHSA-2014:0253) Moderate: Red Hat JBoss Enterprise Application Platform 6.2.1 security update

2014-03-05 00:00:00

(RHSA-2014:0252) Moderate: Red Hat JBoss Enterprise Application Platform 6.2.1 security update

2014-03-05 18:50:05

(RHSA-2014:0429) Moderate: tomcat6 security update

2014-04-23 00:00:00

SOL15189 - Apache Commons FileUpload vulnerability CVE-2014-0050

2014-04-18 00:00:00

K15189 : Apache Commons FileUpload vulnerability CVE-2014-0050

2015-08-15 00:00:00

exploitpack

Apache Commons FileUpload and Apache Tomcat - Denial of Service

2014-02-12 00:00:00

mageia

Updated apache-commons-fileupload package fixes CVE-2014-0050

2014-02-28 22:57:52

Updated tomcat packages fix CVE-2014-0050

2014-02-28 22:59:29

prion

Design/Logic Flaw

2014-04-01 06:27:00

nvd

CVE-2014-0050

2014-04-01 06:27:51

jvn

JVN#14876762: Apache Commons FileUpload vulnerable to denial-of-service (DoS)

2014-02-10 00:00:00

fedora

[SECURITY] Fedora 19 Update: apache-commons-fileupload-1.3-5.fc19

2014-02-17 21:07:04

[SECURITY] Fedora 20 Update: apache-commons-fileupload-1.3-5.fc20

2014-02-17 21:06:10

checkpoint_advisories

Apache Tomcat FileUpload Content-Type Header Infinite Loop (CVE-2014-0050)

2014-03-16 00:00:00

ubuntucve

CVE-2014-0050

2014-02-07 00:00:00

github

Commons FileUpload Denial of service vulnerability

2018-12-21 17:51:42

cve

CVE-2014-0050

2014-04-01 06:27:51

tomcat

Fixed in Apache Tomcat 8.0.3

2014-02-11 00:00:00

Fixed in Apache Tomcat 7.0.52

2014-02-17 00:00:00

zdt

Apache Commons FileUpload and Apache Tomcat Denial of Service

2014-02-12 00:00:00

suse

Security update for jakarta-commons-fileupload (important)

2014-04-17 21:04:15

amazon

Medium: tomcat7

2014-03-24 23:36:00

Medium: tomcat6

2014-05-21 10:45:00

osv

Commons FileUpload Denial of service vulnerability

2018-12-21 17:51:42

apache-commons-fileupload-1.4-1.9 on GA media

2024-06-15 00:00:00

tomcat7 - security update

2014-04-08 00:00:00

cvelist

CVE-2014-0050

2014-03-28 19:00:00

metasploit

Apache Commons FileUpload and Apache Tomcat DoS

2014-02-22 13:56:59

exploitdb

Apache Commons FileUpload and Apache Tomcat - Denial of Service

2014-02-12 00:00:00

gentoo

Apache Commons FileUpload: Multiple vulnerabilities

2021-07-17 00:00:00

Apache Tomcat: Multiple vulnerabilities

2014-12-15 00:00:00

vmware

VMware product updates address security vulnerabilities in Apache Struts library

2014-06-24 00:00:00

VMware product updates address security vulnerabilities in Apache Struts library

2014-06-24 00:00:00

VMware vSphere product updates to third party libraries

2014-09-09 00:00:00

threatpost

VMware Patches Apache Struts Flaws in vCOPS

2014-06-25 13:59:49

oraclelinux

tomcat6 security update

2014-04-23 00:00:00

tomcat security update

2014-07-20 00:00:00

tomcat6 security and bug fix update

2014-07-09 00:00:00

huawei

Security Advisory-Apache Struts2 vulnerability on Huawei multiple products

2014-07-07 00:00:00

centos

tomcat6 security update

2014-04-23 19:07:14

tomcat6 security update

2014-07-09 16:09:49

ubuntu

Tomcat vulnerabilities

2014-03-06 00:00:00

symantec

SA100 : Apache Tomcat Vulnerabilities

2015-07-23 08:00:00

oracle

Oracle Critical Patch Update - April 2015

2015-04-14 00:00:00

Oracle Critical Patch Update - July 2014

2014-07-15 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.191

Percentile

96.3%

JSON

Related for CONFSERVER-32557