SUSE: Security Advisory (SUSE-SU-2025:02159-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Advisory (SUSE-SU-2025:02159-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 / openSUSE 15 Security Update : apache-commons-fileupload (SUSE-SU-2025:02159-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02159-1 advisory. Upgrade to upstream version 1.6.0 - CVE-2025-48976: Fixed allocation of resources for multipart headers with insufficient...

Security update for apache-commons-fileupload

This update for apache-commons-fileupload fixes the following issues: Upgrade to upstream version 1.6.0 CVE-2025-48976: Fixed allocation of resources for multipart headers with insufficient limits can lead to a DoS bsc1244657. Full changelog:...

SUSE-SU-2025:02159-1 Security update for apache-commons-fileupload

This update for apache-commons-fileupload fixes the following issues: Upgrade to upstream version 1.6.0 - CVE-2025-48976: Fixed allocation of resources for multipart headers with insufficient limits can lead to a DoS bsc1244657. Full changelog:...

SUSE CVE-2025-48976

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fi...

CVE-2025-48976

A denial-of-service DoS vulnerability has been discovered in the Apache Commons FileUpload library. The flaw stems from insufficient limits placed on multipart headers during file uploads. A remote attacker could exploit this by sending a specially crafted request with an excessively large number...

Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fi...

GHSA-VV7R-C36W-3PRJ Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fi...

CVE-2025-48976

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fi...

CVE-2025-48976

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fi...

DEBIAN-CVE-2025-48976

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fi...

UBUNTU-CVE-2025-48976

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fi...

CVE-2025-48976 Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fi...

CVE-2025-48976

CVE-2025-48976 is a DoS in Apache Commons FileUpload caused by allocation of resources for multipart headers with insufficient limits. Affected: 1.0 before 1.6 and 2.0.0-M1 before 2.0.0-M4. Impact: potential high-availability disruption. Remediation: upgrade to 1.6 or 2.0.0-M4 (as stated in multi...

Security Bulletin: IBM Cloud Pak for Network Automation 2.7 fixes multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.7 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts t...

Security Bulletin: Multiple vulnerabilities found on thirdparty libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not lim...

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Commons Fileupload and Apache Tomcat

Summary Vulnerabilities have been identified in Apache Commons Fileupload and Apache Tomcat which are used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2016-3092 DESCRIPTIO...

Linux Distros Unpatched Vulnerability : CVE-2023-24998

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS wit...

Linux Distros Unpatched Vulnerability : CVE-2013-0248

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allo...