JVN#14876762: Apache Commons FileUpload vulnerable to denial-of-service (DoS)

Published: 2014-02-10 00:00:00
Source: Japan Vulnerability Notes (jvn.jp)

CVSS v2 base score: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

EPSS: 0.166 (Low), percentile 95.9%

Apache Commons FileUpload, provided by the Apache Software Foundation, contains an issue in the processing of multipart requests that may cause the process to enter an infinite loop.

As of 2014 February 12, an exploit tool targeting this vulnerability has been confirmed to exist.

Impact

Processing a malformed request may cause the target system to stop responding.

Solution

Update the Software
Update to the latest version that contains a fix for this vulnerability.

Products Affected

  • Commons FileUpload 1.0 to 1.3
  • Apache Tomcat 8.0.0-RC1 to 8.0.1
  • Apache Tomcat 7.0.0 to 7.0.50
  • Products that use Apache Commons FileUpload

According to the developer, Apache Tomcat 6 and earlier are not affected.

The developer also states that Apache Commons FileUpload is widely used by multiple Apache products; therefore, Apache products other than Apache Tomcat may also be affected by this vulnerability.
According to the developer, the following products may be affected:

  • Jenkins
  • JSPWiki
  • JXP
  • Lucene-Solr
  • onemind-commons
  • Spring
  • Stapler
  • Struts 1, 2
  • WSDL2c
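To check a component inventory against the affected version ranges listed above, here is an added Python helper (not JVN's or Apache's code) that parses version strings, orders 8.0.0-RC1 before the final 8.0.0, and flags entries inside the ranges. The product keys and the sample inventory are constructed for illustration; the ranges are those stated in this advisory.

```python
"""Flag Commons FileUpload / Tomcat versions inside the ranges from JVN#14876762.
Added example, not advisory or Apache project code."""
import re
from typing import List, Tuple

# Affected ranges as stated in the advisory, inclusive on both ends.
AFFECTED = {
    "commons-fileupload": [("1.0", "1.3")],
    "tomcat": [("7.0.0", "7.0.50"), ("8.0.0-RC1", "8.0.1")],
}


def parse_version(v: str) -> Tuple[Tuple[int, ...], int, int]:
    """Turn '8.0.0-RC1' into a sortable key (numbers, release_flag, pre_num).
    A pre-release of X (release_flag 0) sorts before the final X (flag 1)."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:[-.]?(RC|M|alpha|beta)(\d*))?", v.strip(), re.I)
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    nums = tuple(int(x) for x in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))  # pad so that 1.3 compares equal to 1.3.0
    if m.group(2):                   # pre-release tag present (e.g. RC1)
        return nums, 0, int(m.group(3) or 0)
    return nums, 1, 0


def is_affected(product: str, version: str) -> bool:
    """True if version lies inside any affected range for product."""
    key = parse_version(version)
    return any(parse_version(lo) <= key <= parse_version(hi)
               for lo, hi in AFFECTED[product])


def audit(inventory) -> List[Tuple[str, str]]:
    """Return the (product, version) pairs of an inventory that are affected.
    inventory: iterable of (product, version) tuples, e.g. read from an SBOM."""
    return [(p, v) for p, v in inventory if is_affected(p, v)]


# Constructed sample inventory for demonstration, not data from the advisory.
SAMPLE = [("commons-fileupload", "1.2.2"), ("commons-fileupload", "1.3.1"),
          ("tomcat", "7.0.50"), ("tomcat", "7.0.52"),
          ("tomcat", "8.0.0-RC10"), ("tomcat", "8.0.3")]

if __name__ == "__main__":
    for product, version in audit(SAMPLE):
        print(f"AFFECTED: {product} {version}")
```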
