Back to search
CVE-2016-3092
Published: Jul 4, 2016
Modified: Aug 5, 2024
PUBLISHED
Description
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
JVNDB-2016-000121
third-party-advisory
x_refsource_JVNDB
https://security.netapp.com/advisory/ntap-20190212-0001/
x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1743480
x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
x_refsource_CONFIRM
GLSA-201705-09
vendor-advisory
x_refsource_GENTOO
http://svn.apache.org/viewvc?view=revision&revision=1743738
x_refsource_CONFIRM
http://tomcat.apache.org/security-9.html
x_refsource_CONFIRM
USN-3024-1
vendor-advisory
x_refsource_UBUNTU
RHSA-2016:2069
vendor-advisory
x_refsource_REDHAT
1037029
vdb-entry
x_refsource_SECTRACK
RHSA-2016:2068
vendor-advisory
x_refsource_REDHAT
http://tomcat.apache.org/security-7.html
x_refsource_CONFIRM
1036900
vdb-entry
x_refsource_SECTRACK
91453
vdb-entry
x_refsource_BID
http://tomcat.apache.org/security-8.html
x_refsource_CONFIRM
RHSA-2016:2072
vendor-advisory
x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1743722
x_refsource_CONFIRM
DSA-3611
vendor-advisory
x_refsource_DEBIAN
RHSA-2016:2807
vendor-advisory
x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
x_refsource_CONFIRM
openSUSE-SU-2016:2252
vendor-advisory
x_refsource_SUSE
JVN#89379547
third-party-advisory
x_refsource_JVN
1036427
vdb-entry
x_refsource_SECTRACK
RHSA-2016:2070
vendor-advisory
x_refsource_REDHAT
RHSA-2017:0457
vendor-advisory
x_refsource_REDHAT
RHSA-2016:2808
vendor-advisory
x_refsource_REDHAT
1039606
vdb-entry
x_refsource_SECTRACK
http://svn.apache.org/viewvc?view=revision&revision=1743742
x_refsource_CONFIRM
RHSA-2016:2599
vendor-advisory
x_refsource_REDHAT
DSA-3609
vendor-advisory
x_refsource_DEBIAN
RHSA-2017:0455
vendor-advisory
x_refsource_REDHAT
DSA-3614
vendor-advisory
x_refsource_DEBIAN
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
x_refsource_CONFIRM
[dev] 20160621 CVE-2016-3092: Apache Commons Fileupload information disclosure vulnerability
mailing-list
x_refsource_MLIST
RHSA-2017:0456
vendor-advisory
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=1349468
x_refsource_CONFIRM
RHSA-2016:2071
vendor-advisory
x_refsource_REDHAT
USN-3027-1
vendor-advisory
x_refsource_UBUNTU
[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/
mailing-list
x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuapr2020.html
x_refsource_MISC
GLSA-202107-39
vendor-advisory
x_refsource_GENTOO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now