Apache Tomcat advisory TOMCAT:720D06DA167834DEDCCF6CCE7DD28826
History: Feb 17, 2014 - 12:00 a.m.

Fixed in Apache Tomcat 7.0.52

Date: 2014-02-17 00:00:00
Vendor: Apache Tomcat (tomcat.apache.org)

CVSS2: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL

EPSS: 0.191 (percentile 96.3%)

Note: The issue below was fixed in Apache Tomcat 7.0.51 but the release vote for the 7.0.51 release candidate did not pass. Therefore, although users must download 7.0.52 to obtain a version that includes a fix for this issue, version 7.0.51 is not included in the list of affected versions.

Important: Denial of Service CVE-2014-0050

It was possible to craft a malformed Content-Type header for a multipart request that caused Apache Tomcat to enter an infinite loop. A malicious user could, therefore, craft a malformed request that triggered a denial of service.

The root cause of this error was a bug in Apache Commons FileUpload. Tomcat 7 uses a package-renamed copy of Apache Commons FileUpload to implement the Servlet 3.0 specification requirement to support the processing of MIME multipart requests. Tomcat 7 was therefore affected by this issue.

This was fixed in revision 1565169.

This issue was reported to the Apache Software Foundation on 04 Feb 2014 and accidentally made public on 06 Feb 2014.

Affects: 7.0.0-7.0.50
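The advisory above says the trigger is a malformed multipart Content-Type header that the bundled FileUpload code fails to reject. A practical compensating control while a fleet is upgraded to 7.0.52 is a front-door check (for example in a reverse proxy or a servlet filter) that validates the multipart boundary against the RFC 2046 grammar before the request reaches any multipart parser. The following is an added example written for this page; it is not code from Apache Tomcat or Commons FileUpload and does not reproduce the original bug. It assumes a hypothetical header cap MAX_HEADER_LENGTH and encodes only the RFC 2046 boundary rules: 1 to 70 characters from a fixed alphabet, not ending in a space. The sample headers in the main block are constructed.

```python
import re

# RFC 2046 section 5.1.1 boundary grammar:
#   boundary      := 0*69<bchars> bcharsnospace
#   bchars        := bcharsnospace / " "
#   bcharsnospace := DIGIT / ALPHA / "'" / "(" / ")" / "+" / "_" / "," /
#                    "-" / "." / "/" / ":" / "=" / "?"
# So a valid boundary is 1..70 characters from that alphabet and may not end in a space.
_BCHARS_NOSPACE = r"0-9A-Za-z'()+_,\-./:=?"
_BOUNDARY_RE = re.compile(rf"^[{_BCHARS_NOSPACE} ]{{0,69}}[{_BCHARS_NOSPACE}]$")

# One ";name=value" parameter; value is either a quoted-string or a run of non-';' text.
_PARAM_RE = re.compile(r'\s*;\s*([^=;\s"]+)\s*=\s*("(?:[^"\\]|\\.)*"|[^;"]*)')
_MEDIA_TYPE_RE = re.compile(r"[\w.+-]+/[\w.+-]+")

MAX_HEADER_LENGTH = 1024  # hypothetical cap; real Content-Type values are far shorter


class MalformedContentType(ValueError):
    """Raised for a Content-Type value that a multipart parser should never see."""


def parse_content_type(header: str):
    """Split a Content-Type value into (lower-cased media type, {param: value})."""
    if len(header) > MAX_HEADER_LENGTH:
        raise MalformedContentType("Content-Type header exceeds length cap")
    media_type, sep, rest = header.partition(";")
    media_type = media_type.strip().lower()
    if not _MEDIA_TYPE_RE.fullmatch(media_type):
        raise MalformedContentType(f"bad media type {media_type!r}")
    params = {}
    rest = ";" + rest if sep else ""
    pos = 0
    while pos < len(rest):
        if not rest[pos:].strip(" \t;"):
            break  # trailing separator / whitespace only
        m = _PARAM_RE.match(rest, pos)
        if m is None:
            raise MalformedContentType(f"unparseable parameter text {rest[pos:]!r}")
        name, value = m.group(1).lower(), m.group(2)
        if value.startswith('"'):
            # quoted-string: drop the quotes, undo backslash escapes, keep spaces verbatim
            value = re.sub(r"\\(.)", r"\1", value[1:-1])
        else:
            value = value.strip()
        params[name] = value
        pos = m.end()
    return media_type, params


def validate_multipart_content_type(header: str):
    """Return (media_type, boundary) for multipart, (media_type, None) otherwise.

    Raises MalformedContentType when the boundary is missing or violates RFC 2046,
    which is exactly the class of input that should never reach the multipart parser.
    """
    media_type, params = parse_content_type(header)
    if not media_type.startswith("multipart/"):
        return media_type, None
    boundary = params.get("boundary")
    if boundary is None:
        raise MalformedContentType("multipart request without a boundary parameter")
    if not _BOUNDARY_RE.fullmatch(boundary):
        raise MalformedContentType(f"boundary violates RFC 2046 grammar: {boundary!r}")
    return media_type, boundary


def is_acceptable(header: str) -> bool:
    """Boolean form of the check, convenient for a filter that just needs allow/deny."""
    try:
        validate_multipart_content_type(header)
        return True
    except MalformedContentType:
        return False


if __name__ == "__main__":
    # Constructed sample header values; none are real captured traffic.
    samples = [
        "multipart/form-data; boundary=----WebKitFormBoundaryabc123",
        'multipart/form-data; boundary="simple boundary"; charset=utf-8',
        "multipart/form-data",                       # no boundary at all
        "multipart/form-data; boundary=" + "a" * 71,  # one character too long
        'multipart/form-data; boundary="abc "',       # trailing space not allowed
        "application/json",                           # not multipart, passes through
    ]
    for h in samples:
        print(f"{'allow' if is_acceptable(h) else 'reject'}: {h[:60]}")
```

Rejecting at the edge only narrows the set of headers the parser sees; it is a stop-gap, and the advisory's fix (upgrading to 7.0.52) remains the actual remediation.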

Affected configurations

Vulners node: apache tomcat Range 7.0.0 OR apache tomcat Range 7.0.50

Vendor   Product   Version   CPE
apache   tomcat    *         cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
