SUSE SLES15 Security Update : tomcat (SUSE-SU-2023:0697-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0697-1 advisory. - Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacke...

GHSA-FRGR-C5F2-8QHH Denial of service in Jenkins Core

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier, and prior to LTS 2.387.1 is affected by the Apache Commons FileUpload library’s vulnerability CVE-2023-24998. This library is used to process uploaded files via the Stapler web framework usually through StaplerRequestgetFile and...

Denial of service in Jenkins Core

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier, and prior to LTS 2.387.1 is affected by the Apache Commons FileUpload library’s vulnerability CVE-2023-24998. This library is used to process uploaded files via the Stapler web framework usually through StaplerRequestgetFile and...

Denial of service in Jenkins Core

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service...

CVE-2023-27901

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service...

CVE-2023-27901

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service...

CVE-2023-27900

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service...

CVE-2023-27900

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service...

Denial of service

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service...

Denial of service

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service...

CVE-2023-27900

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service...

OESA-2023-1155 apache-commons-fileupload security update

The javax.servlet package lacks support for RFC-1867, HTML file upload. This package provides a simple to use API for working with such data. The scope of this package is to create a package of Java utility classes to read multipart/form-data within a javax.servlet.http.HttpServletRequest. Securi...

Security Bulletin: Apache Commons FileUpload (Publicly disclosed vulnerability) affects IBM eDiscovery Manager (CVE-2023-24998)

Summary Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to be processed in the file upload function. By sending a specially-crafted request with series of uploads, a remote attacker could exploit this vulnerability to cau...

Jenkins LTS < 2.375.4 / Jenkins weekly < 2.394 Multiple Vulnerabilities

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.375.4 or Jenkins weekly prior to 2.394. It is, therefore, affected by multiple vulnerabilities: - Apache Commons FileUpload before 1.5 does not limit the number of...

Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.8 Multiple Vulnerabilities (CloudBees Security Advisory 2023-03-08)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.8. It is, therefore, affected by multiple vulnerabilities including the following: - DoS vulnerability in bundled Apache Commons FileUpload library CVE-2023-24998,...

CVE-2023-27901

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service...

CVE-2023-27901

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service...

CVE-2023-27901

CVE-2023-27901 affects Jenkins 2.393 and earlier (LTS 2.375.3 and earlier). The issue is due to Apache Commons FileUpload being used without limits on the number of request parts, in the context of org.kohsuke.stapler.RequestImpl, enabling a denial-of-service condition. The Connected documents al...

CVE-2023-27900

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service...

CVE-2023-27900

CVE-2023-27900 affects Jenkins 2.393 and earlier (including LTS 2.375.3 and earlier). The issue arises in hudson.util.MultipartFormDataParser where Apache Commons FileUpload is used without limiting the number of request parts (introduced by CVE-2023-24998), enabling a potential denial of service...