CVE-2014-0050

Published: Mar 28, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html

x_refsource_MISC

http://www.vmware.com/security/advisories/VMSA-2014-0008.html

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21676656

x_refsource_CONFIRM

JVN#14876762

third-party-advisory

x_refsource_JVN

HPSBGN03329

vendor-advisory

x_refsource_HP

60753

third-party-advisory

x_refsource_SECUNIA

https://bugzilla.redhat.com/show_bug.cgi?id=1062337

x_refsource_CONFIRM

59184

third-party-advisory

x_refsource_SECUNIA

http://www-01.ibm.com/support/docview.wss?uid=swg21677691

x_refsource_CONFIRM

DSA-2856

vendor-advisory

x_refsource_DEBIAN

59039

third-party-advisory

x_refsource_SECUNIA

59185

third-party-advisory

x_refsource_SECUNIA

http://www-01.ibm.com/support/docview.wss?uid=swg21676401

x_refsource_CONFIRM

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

x_refsource_CONFIRM

58075

third-party-advisory

x_refsource_SECUNIA

http://www-01.ibm.com/support/docview.wss?uid=swg21676853

x_refsource_CONFIRM

59187

third-party-advisory

x_refsource_SECUNIA

59041

third-party-advisory

x_refsource_SECUNIA

http://www-01.ibm.com/support/docview.wss?uid=swg21676092

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21681214

x_refsource_CONFIRM

http://www.vmware.com/security/advisories/VMSA-2014-0007.html

x_refsource_CONFIRM

60475

third-party-advisory

x_refsource_SECUNIA

http://svn.apache.org/r1565143

x_refsource_CONFIRM

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

x_refsource_CONFIRM

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917

x_refsource_CONFIRM

http://advisories.mageia.org/MGASA-2014-0110.html

x_refsource_CONFIRM

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755

x_refsource_CONFIRM

http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html

x_refsource_MISC

MDVSA-2015:084

vendor-advisory

x_refsource_MANDRIVA

http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html

x_refsource_CONFIRM

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21676410

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21676405

x_refsource_CONFIRM

http://tomcat.apache.org/security-7.html

x_refsource_CONFIRM

59492

third-party-advisory

x_refsource_SECUNIA

20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities

mailing-list

x_refsource_BUGTRAQ

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

x_refsource_CONFIRM

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

x_refsource_CONFIRM

59500

third-party-advisory

x_refsource_SECUNIA

59183

third-party-advisory

x_refsource_SECUNIA

http://tomcat.apache.org/security-8.html

x_refsource_CONFIRM

http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21676403

x_refsource_CONFIRM

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

x_refsource_CONFIRM

RHSA-2014:0252

vendor-advisory

x_refsource_REDHAT

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm

x_refsource_CONFIRM

JVNDB-2014-000017

third-party-advisory

x_refsource_JVNDB

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

x_refsource_CONFIRM

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

x_refsource_CONFIRM

USN-2130-1

vendor-advisory

x_refsource_UBUNTU

65400

vdb-entry

x_refsource_BID

RHSA-2014:0400

vendor-advisory

x_refsource_REDHAT

59725

third-party-advisory

x_refsource_SECUNIA

20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities

mailing-list

x_refsource_FULLDISC

http://www-01.ibm.com/support/docview.wss?uid=swg21675432

x_refsource_CONFIRM

57915

third-party-advisory

x_refsource_SECUNIA

http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

x_refsource_CONFIRM

59399

third-party-advisory

x_refsource_SECUNIA

[commons-dev] 20140206 [SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS

mailing-list

x_refsource_MLIST

http://www-01.ibm.com/support/docview.wss?uid=swg21676091

x_refsource_CONFIRM

58976

third-party-advisory

x_refsource_SECUNIA

http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html

x_refsource_CONFIRM

RHSA-2014:0253

vendor-advisory

x_refsource_REDHAT

59232

third-party-advisory

x_refsource_SECUNIA

http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21677724

x_refsource_CONFIRM

20140625 NEW VMSA-2014-0007 - VMware product updates address security vulnerabilities in Apache Struts library

mailing-list

x_refsource_BUGTRAQ

http://www-01.ibm.com/support/docview.wss?uid=swg21669554

x_refsource_CONFIRM

GLSA-202107-39

vendor-advisory

x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-0050

Description

Affected Products

References