2014-04-01 08:27:51 2018-10-09 21:35:09

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.

Vector: NETWORK
Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Oracle Retail Applications 13.3
Oracle Retail Applications 13.1
Oracle Retail Applications 13.2
Oracle Retail Applications 13.0
Oracle Retail Applications 12.0IN
Oracle Retail Applications 12.0
Apache Software Foundation Tomcat 8.0.1
Apache Software Foundation Tomcat 8.0.0 release candidate 5
Apache Software Foundation Tomcat 8.0.0 Release Candidate 2
Apache Software Foundation Tomcat 8.0.0 release candidate 10
Apache Software Foundation Tomcat 8.0.0 Release Candidate 1
Apache Software Foundation Tomcat 7.0.50
Apache Software Foundation Tomcat 7.0.49
Apache Software Foundation Tomcat 7.0.48
Apache Software Foundation Tomcat 7.0.47
Apache Software Foundation Tomcat 7.0.46
Apache Software Foundation Tomcat 7.0.45
Apache Software Foundation Tomcat 7.0.44
Apache Software Foundation Tomcat 7.0.43
Apache Software Foundation Tomcat 7.0.42
Apache Software Foundation Tomcat 7.0.41
Apache Software Foundation Tomcat 7.0.40
Apache Software Foundation Tomcat 7.0.39
Apache Software Foundation Tomcat 7.0.38
Apache Software Foundation Tomcat 7.0.37
Apache Software Foundation Tomcat 7.0.36
Apache Software Foundation Tomcat 7.0.35
Apache Software Foundation Tomcat 7.0.34
Apache Software Foundation Tomcat 7.0.33
Apache Software Foundation Tomcat 7.0.32
Apache Software Foundation Tomcat 7.0.31
Apache Software Foundation Tomcat 7.0.30
Apache Software Foundation Tomcat 7.0.29
Apache Software Foundation Tomcat 7.0.28
Apache Software Foundation Tomcat 7.0.27
Apache Software Foundation Tomcat 7.0.26
Apache Software Foundation Tomcat 7.0.25
Apache Software Foundation Tomcat 7.0.24
Apache Software Foundation Tomcat 7.0.23
Apache Software Foundation Tomcat 7.0.22
Apache Software Foundation Tomcat 7.0.21
Apache Software Foundation Tomcat 7.0.20
Apache Software Foundation Tomcat 7.0.19
Apache Software Foundation Tomcat 7.0.18
Apache Software Foundation Tomcat 7.0.17
Apache Software Foundation Tomcat 7.0.16
Apache Software Foundation Tomcat 7.0.15
Apache Software Foundation Tomcat 7.0.14
Apache Software Foundation Tomcat 7.0.13
Apache Software Foundation Tomcat 7.0.12
Apache Software Foundation Tomcat 7.0.11
Apache Software Foundation Tomcat 7.0.10
Apache Software Foundation Tomcat 7.0.9
Apache Software Foundation Tomcat 7.0.8
Apache Software Foundation Tomcat 7.0.7
Apache Software Foundation Tomcat 7.0.6
Apache Software Foundation Tomcat 7.0.5
Apache Software Foundation Tomcat 7.0.4 beta
Apache Software Foundation Tomcat 7.0.4
Apache Software Foundation Tomcat 7.0.3
Apache Software Foundation Tomcat 7.0.2 beta
Apache Software Foundation Tomcat 7.0.2
Apache Software Foundation Tomcat 7.0.1
Apache Software Foundation Tomcat 7.0.0 beta
Apache Software Foundation Tomcat 7.0.0
Apache Software Foundation Commons FileUpload 1.3
Apache Software Foundation Commons FileUpload 1.2.2
Apache Software Foundation Commons FileUpload 1.2.1
Apache Software Foundation Commons FileUpload 1.2
Apache Software Foundation Commons FileUpload 1.1.1
Apache Software Foundation Commons FileUpload 1.1
Apache Software Foundation Commons FileUpload 1.0
Oracle Retail Applications 13.4
Oracle Retail Applications 14.0

Advisory Patch Confirmed Link
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/d...
http://www.vmware.com/security/advisories/VMSA-2014-0012...
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/d...
https://bugzilla.redhat.com/show_bug.cgi?id=1062337
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/d...
http://www.vmware.com/security/advisories/VMSA-2014-0008...
20141205 NEW: VMSA-2014-0012 - VMware vSphere product up...
USN-2130-1
http://www.vmware.com/security/advisories/VMSA-2014-0007...
65400
20140625 NEW VMSA-2014-0007 - VMware product updates add...
http://www.oracle.com/technetwork/topics/security/cpuoct...
http://www.oracle.com/technetwork/topics/security/cpuoct...
http://www.oracle.com/technetwork/topics/security/cpujan...
http://www.oracle.com/technetwork/topics/security/cpuapr...
http://www.oracle.com/technetwork/topics/security/cpujul...
http://www.oracle.com/technetwork/topics/security/cpujan...
http://www.oracle.com/technetwork/security-advisory/cpuo...
http://www.oracle.com/technetwork/security-advisory/cpuo...
http://www.huawei.com/en/security/psirt/security-bulleti...
MDVSA-2015:084
http://www.hitachi.co.jp/Prod/comp/soft1/global/security...
http://www.hitachi.co.jp/Prod/comp/soft1/global/security...
DSA-2856
http://www.hitachi.co.jp/Prod/comp/soft1/global/security...
http://www-01.ibm.com/support/docview.wss?uid=swg2168121...
http://www-01.ibm.com/support/docview.wss?uid=swg2167772...
http://www-01.ibm.com/support/docview.wss?uid=swg2167769...
http://www-01.ibm.com/support/docview.wss?uid=swg2167685...
http://www-01.ibm.com/support/docview.wss?uid=swg2167665...
http://www-01.ibm.com/support/docview.wss?uid=swg2167641...
http://www-01.ibm.com/support/docview.wss?uid=swg2167640...
http://www-01.ibm.com/support/docview.wss?uid=swg2167640...
http://www-01.ibm.com/support/docview.wss?uid=swg2167609...
http://www-01.ibm.com/support/docview.wss?uid=swg2167640...
http://www-01.ibm.com/support/docview.wss?uid=swg2167609...
http://www-01.ibm.com/support/docview.wss?uid=swg2167543...
http://tomcat.apache.org/security-8.html
20141205 NEW: VMSA-2014-0012 - VMware vSphere product up...
http://svn.apache.org/r1565143
http://www-01.ibm.com/support/docview.wss?uid=swg2166955...
http://tomcat.apache.org/security-7.html
RHSA-2014:0253
RHSA-2014:0400
RHSA-2014:0252
[commons-dev] 20140206 [SECURITY] CVE-2014-0050 Apache C...
HPSBGN03329
http://packetstormsecurity.com/files/127215/VMware-Secur...
JVN#14876762
JVNDB-2014-000017
http://advisories.mageia.org/MGASA-2014-0110.html
http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit...