MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop’s intended exit conditions.
(
CVE-2014-0050
)
Impact
An attacker may be able to craft a malformed Content-Type header that causes Apache Commons FileUpload to enter an infinite loop.
AI Score
Confidence
EPSS
Percentile
96.3%