Lucene search

PRIOn knowledge basePRION:CVE-2014-0050

HistoryApr 01, 2014 - 6:27 a.m.

Design/Logic Flaw

2014-04-0106:27:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.166 Low

EPSS

Percentile

95.9%

JSON

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop’s intended exit conditions.

CPENameOperatorVersion
commons_fileuploadeq1.2.2
commons_fileuploadeq1.2
commons_fileuploadeq1.1
commons_fileuploadle1.3
commons_fileuploadeq1.1.1
commons_fileuploadeq1.2.1
commons_fileuploadeq1.0
tomcateq7.0.2 beta
tomcateq7.0.49
tomcateq7.0.12

Name	Operator	Version
commons_fileupload	eq	1.2.2
commons_fileupload	eq	1.2
commons_fileupload	eq	1.1
commons_fileupload	le	1.3
commons_fileupload	eq	1.1.1
commons_fileupload	eq	1.2.1
commons_fileupload	eq	1.0
tomcat	eq	7.0.2 beta
tomcat	eq	7.0.49
tomcat	eq	7.0.12

Rows per page:

1-10 of 741

References

advisories.mageia.org/MGASA-2014-0110.html

blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html

jvn.jp/en/jp/JVN14876762/index.html

jvndb.jvn.jp/jvndb/JVNDB-2014-000017

mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907%40apache.org%3E

packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html

rhn.redhat.com/errata/RHSA-2014-0252.html

rhn.redhat.com/errata/RHSA-2014-0253.html

rhn.redhat.com/errata/RHSA-2014-0400.html

seclists.org/fulldisclosure/2014/Dec/23

secunia.com/advisories/57915

secunia.com/advisories/58075

secunia.com/advisories/58976

secunia.com/advisories/59039

secunia.com/advisories/59041

secunia.com/advisories/59183

secunia.com/advisories/59184

secunia.com/advisories/59185

secunia.com/advisories/59187

secunia.com/advisories/59232

secunia.com/advisories/59399

secunia.com/advisories/59492

secunia.com/advisories/59500

secunia.com/advisories/59725

secunia.com/advisories/60475

secunia.com/advisories/60753

svn.apache.org/r1565143

tomcat.apache.org/security-7.html

tomcat.apache.org/security-8.html

www-01.ibm.com/support/docview.wss?uid=swg21669554

www-01.ibm.com/support/docview.wss?uid=swg21675432

www-01.ibm.com/support/docview.wss?uid=swg21676091

www-01.ibm.com/support/docview.wss?uid=swg21676092

www-01.ibm.com/support/docview.wss?uid=swg21676401

www-01.ibm.com/support/docview.wss?uid=swg21676403

www-01.ibm.com/support/docview.wss?uid=swg21676405

www-01.ibm.com/support/docview.wss?uid=swg21676410

www-01.ibm.com/support/docview.wss?uid=swg21676656

www-01.ibm.com/support/docview.wss?uid=swg21676853

www-01.ibm.com/support/docview.wss?uid=swg21677691

www-01.ibm.com/support/docview.wss?uid=swg21677724

www-01.ibm.com/support/docview.wss?uid=swg21681214

www.debian.org/security/2014/dsa-2856

www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html

www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html

www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html

www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm

www.mandriva.com/security/advisories?name=MDVSA-2015:084

www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

www.securityfocus.com/archive/1/532549/100/0/threaded

www.securityfocus.com/archive/1/534161/100/0/threaded

www.securityfocus.com/bid/65400

www.ubuntu.com/usn/USN-2130-1

www.vmware.com/security/advisories/VMSA-2014-0007.html

www.vmware.com/security/advisories/VMSA-2014-0008.html

www.vmware.com/security/advisories/VMSA-2014-0012.html

bugzilla.redhat.com/show_bug.cgi?id=1062337

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

marc.info/?l=bugtraq&m=143136844732487&w=2

security.gentoo.org/glsa/202107-39

6.9 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.166 Low

EPSS

Percentile

95.9%

JSON

Design/Logic Flaw

References

Related