GoogleOSV:GHSA-FVM3-CFVJ-GXQQHigh severity vulnerability that affects commons-fileupload:commons-fileupload
0.043 Low
EPSS
Percentile
92.4%
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
References
jvn.jp/en/jp/JVN89379547/index.html
jvndb.jvn.jp/jvndb/JVNDB-2016-000121
lists.opensuse.org/opensuse-updates/2016-09/msg00025.html
mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E
rhn.redhat.com/errata/RHSA-2016-2068.html
rhn.redhat.com/errata/RHSA-2016-2069.html
rhn.redhat.com/errata/RHSA-2016-2070.html
rhn.redhat.com/errata/RHSA-2016-2071.html
rhn.redhat.com/errata/RHSA-2016-2072.html
rhn.redhat.com/errata/RHSA-2016-2599.html
rhn.redhat.com/errata/RHSA-2016-2807.html
rhn.redhat.com/errata/RHSA-2016-2808.html
rhn.redhat.com/errata/RHSA-2017-0457.html
svn.apache.org/viewvc?view=revision&revision=1743480
svn.apache.org/viewvc?view=revision&revision=1743722
svn.apache.org/viewvc?view=revision&revision=1743738
svn.apache.org/viewvc?view=revision&revision=1743742
tomcat.apache.org/security-7.html
tomcat.apache.org/security-8.html
tomcat.apache.org/security-9.html
www.debian.org/security/2016/dsa-3609
www.debian.org/security/2016/dsa-3611
www.debian.org/security/2016/dsa-3614
www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
www.ubuntu.com/usn/USN-3024-1
www.ubuntu.com/usn/USN-3027-1
access.redhat.com/errata/RHSA-2017:0455
access.redhat.com/errata/RHSA-2017:0456
bugzilla.redhat.com/show_bug.cgi?id=1349468
github.com/advisories/GHSA-fvm3-cfvj-gxqq
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759
lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2016-3092
security.gentoo.org/glsa/201705-09
security.gentoo.org/glsa/202107-39
security.netapp.com/advisory/ntap-20190212-0001
web.archive.org/web/20160726114129/www.securitytracker.com/id/1036427
web.archive.org/web/20160924080828/www.securityfocus.com/bid/91453
web.archive.org/web/20170317103106/www.securitytracker.com/id/1037029
web.archive.org/web/20171103224941/www.securitytracker.com/id/1036900
web.archive.org/web/20171111060434/www.securitytracker.com/id/1039606
www.oracle.com/security-alerts/cpuapr2020.html
www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Related
