Seal Security

CVE-2014-0050

Commons FileUpload Denial of service vulnerability

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading

Vulnerability Details

Score

Score Vector

Affected Versions

commons-fileupload:commons-fileupload < 1.3.1; org.apache.tomcat:tomcat >= 8.0.0-RC1 < 8.0.3; org.apache.tomcat:tomcat >= 7.0.0 < 7.0.52

Severity

Ecosystem

Publish Date

December 21, 2018

Modified Date

December 2, 2024