CVE-2014-0050

Published: 07 February 2014

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.

Priority

Medium

Status

Package: libcommons-fileupload-java
  Upstream: Released (1.3.1-1)
  Ubuntu 18.04 LTS (Bionic Beaver): Not vulnerable (1.3.1-1)
  Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable (1.3.1-1)
  Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was needed)
  Patches:
    Upstream: http://svn.apache.org/viewvc?view=revision&revision=1565143

Package: tomcat6
  Upstream: Needs triage
  Ubuntu 18.04 LTS (Bionic Beaver): Does not exist
  Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable
  Ubuntu 14.04 ESM (Trusty Tahr): Not vulnerable

Package: tomcat7
  Upstream: Released (7.0.52-1)
  Ubuntu 18.04 LTS (Bionic Beaver): Not vulnerable (7.0.52-1)
  Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable (7.0.52-1)
  Ubuntu 14.04 ESM (Trusty Tahr): Not vulnerable (7.0.52-1)
  Patches:
    Upstream: http://svn.apache.org/viewvc?view=revision&revision=1565169