Apache Commons FileUpload, which is bundled with IBM WebSphere Dashboard Framework, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
IBM WebSphere Dashboard Framework (WDF) bundles a copy of Apache Commons FileUpload, which can be used to upload files to the WDF server. A vulnerability in the FileUpload library allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string on the multipart upload request.
CVEID: CVE-2016-3092
DESCRIPTION: Applications which use the Apache Commons FileUpload component are vulnerable to a denial of service. By sending file upload requests, an attacker could exploit this vulnerability to cause the server to become unresponsive.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/114336> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
WebSphere Dashboard Framework 7.0.1
_
Product_
|
_ VRMF_|
_ APAR _|
—|—|—|—
WebSphere Dashboard Framework| 7.0.1| LO90165| Download the fix
None