715 matches found

CNNVD
added 2023/02/20 12:0 a.m., 4 views

Apache Commons FileUpload Security Vulnerability

Apache Commons FileUpload is a package from the Apache Foundation (United States) for uploading files to Servlets and Web applications. A denial of service vulnerability exists in Apache Commons FileUpload versions prior to 1.5, which stems from a failure to limit the number of requests an...

CVSS: 7.5, AI score: 6.6, EPSS: 0.339
Exploits: 1, References: 31
Tenable Nessus
added 2023/02/20 12:0 a.m., 38 views

Apache Tomcat 9.0.0.M1 < 9.0.71

The version of Tomcat installed on the remote host is prior to 9.0.71. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.71security-9 advisory. - Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in th...

CVSS: 7.5, AI score: 7.2, EPSS: 0.339
Exploits: 1, References: 3
SUSE CVE
added 2023/02/15 5:38 a.m., 1 views

SUSE CVE-2013-2186

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...

CVSS: 7.5, AI score: 7.2, EPSS: 0.87099
Exploits: 0, References: 4
SUSE CVE
added 2023/02/15 5:32 a.m., 5 views

SUSE CVE-2014-0050

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions...

CVSS: 7.5, AI score: 6.8, EPSS: 0.92712
Exploits: 8, References: 5
SUSE CVE
added 2023/02/15 5:4 a.m., 2 views

SUSE CVE-2016-3092

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string...

CVSS: 7.5, AI score: 8.4, EPSS: 0.40246
Exploits: 0, References: 11
SUSE CVE
added 2023/02/15 4:53 a.m., 2 views

SUSE CVE-2016-1000031

Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution...

CVSS: 9.8, AI score: 9.7, EPSS: 0.56432
Exploits: 0, References: 9
SUSE CVE
added 2023/02/15 4:35 a.m., 1 views

SUSE CVE-2017-1000394

Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenkins...

CVSS: 7.5, AI score: 7.7, EPSS: 0.005
Exploits: 0, References: 3
Apache Tomcat
added 2023/01/19 12:0 a.m., 181 views

Fixed in Apache Tomcat 8.5.85

Important: Apache Tomcat denial of service, CVE-2023-24998. Apache Tomcat uses a packaged renamed copy of Apache Commons FileUpload to provide the file upload functionality defined in the Jakarta Servlet specification. Apache Tomcat was, therefore, also vulnerable to the Apache Commons FileUpload...

CVSS: 7.5, AI score: 7.7, EPSS: 0.339
Exploits: 1, Affected Software: 1
Positive Technologies
added 2023/01/19 12:0 a.m., 7 views

PT-2023-2276

Name of the Vulnerable Software and Affected Versions: Apache Commons FileUpload versions prior to 1.5. Description: The issue is related to the unlimited distribution of resources, which can be exploited by an attacker to trigger a denial of service (DoS) with a malicious upload or series of uploads...

CVSS: 10, AI score: 8.4, EPSS: 0.94469
Exploits: 190, References: 234
Apache Tomcat
added 2023/01/13 12:0 a.m., 84 views

Fixed in Apache Tomcat 10.1.5

Important: Apache Tomcat denial of service, CVE-2023-24998. Apache Tomcat uses a packaged renamed copy of Apache Commons FileUpload to provide the file upload functionality defined in the Jakarta Servlet specification. Apache Tomcat was, therefore, also vulnerable to the Apache Commons FileUpload...

CVSS: 7.5, AI score: 7.7, EPSS: 0.339
Exploits: 1, Affected Software: 1
Apache Tomcat
added 2023/01/13 12:0 a.m., 106 views

Fixed in Apache Tomcat 9.0.71

Important: Apache Tomcat denial of service, CVE-2023-24998. Apache Tomcat uses a packaged renamed copy of Apache Commons FileUpload to provide the file upload functionality defined in the Jakarta Servlet specification. Apache Tomcat was, therefore, also vulnerable to the Apache Commons FileUpload...

CVSS: 7.5, AI score: 7.7, EPSS: 0.339
Exploits: 1, Affected Software: 1
IBM Security Bulletins
added 2022/09/26 5:34 a.m., 71 views

Security Bulletin: A vulnerability in Apache Commons Fileupload affects IBM Tivoli Business Service Manager (CVE-2013-2186, CVE-2013-0248, CVE-2016-3092, CVE-2014-0050, 220723)

Summary: Apache Commons Fileupload is shipped with IBM Tivoli Business Manager 6.2.0 as part of its web service infrastructure. Information about security vulnerabilities affecting Apache Commons Fileupload has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2013-2186...

CVSS: 7.5, AI score: 8.1, EPSS: 0.92712
Exploits: 9, Affected Software: 1
IBM Security Bulletins
added 2022/09/15 7:29 p.m., 32 views

Security Bulletin: Security vulnerability in Apache Commons FileUpload might affect IBM Business Process Manager, WebSphere Process Server, and WebSphere Enterprise Service Bus (CVE-2016-1000031)

Summary: A vulnerability for Apache Commons FileUpload before 1.3.3 has been reported which allows a remote attacker to execute arbitrary code on the system. Vulnerability Details: CVEID: CVE-2016-1000031. DESCRIPTION: Apache Commons FileUpload, as used in certain products, could allow a remote...

CVSS: 9.8, AI score: 9.2, EPSS: 0.56432
Exploits: 0, Affected Software: 8
IBM Security Bulletins
added 2022/08/19 11:26 p.m., 39 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Intelligent Operations Center products (CVE-2016-3092)

Summary: IBM WebSphere Application Server is shipped as a component of IBM Intelligent Operations Center and related products. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2016-3092...

CVSS: 7.8, AI score: 6.9, EPSS: 0.40246
Exploits: 0, Affected Software: 4
Github Security Blog
added 2022/05/14 3:52 a.m., 42 views

Arbitrary file write in Apache Commons Fileupload

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...

CVSS: 7.5, AI score: 5, EPSS: 0.87099
Exploits: 0, References: 15, Affected Software: 1
vulnersOsv
added 2022/05/14 3:52 a.m., 2 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +5777 more potentially affected by CVE-2013-2186 via commons-fileupload:commons-fileupload (>=1.0 <=1.3.1-jenkins-2)

commons-fileupload:commons-fileupload MAVEN version =1.0, =1.1, =0.0.1, =1.0, =1.0, =3.1.1, =0.0.1, =0.3.15 and more Source cves: CVE-2013-2186 Source advisory: OSV:GHSA-QX6H-9567-5FQW...

CVSS: 7.5, AI score: 6.8, EPSS: 0.87099
Exploits: 0
OSV
added 2022/05/14 3:52 a.m., 40 views

GHSA-QX6H-9567-5FQW Arbitrary file write in Apache Commons Fileupload

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...

CVSS: 7.5, AI score: 8.3, EPSS: 0.87099
Exploits: 0, References: 15
OSV
added 2022/05/14 1:4 a.m., 1 views

GHSA-F7F6-XRWC-9C57 Improper Input Validation in Jenkins

Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenkins...

CVSS: 7.5, AI score: 6.9, EPSS: 0.005
Exploits: 0, References: 4
vulnersOsv
added 2022/05/05 2:48 a.m., 2 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +3081 more potentially affected by CVE-2013-0248 via commons-fileupload:commons-fileupload (>=1.0 <=1.2.1)

commons-fileupload:commons-fileupload MAVEN version =1.0, =1.1, =0.0.1, =1.0, =3.1.1, =0.0.1, =1.2.1, =0.0.2, =0.0.2, =0.0.2, =2.2.4 and more Source cves: CVE-2013-0248 Source advisory: OSV:GHSA-VM69-474V-7Q2W...

CVSS: 3.3, AI score: 7.1, EPSS: 0.00068
Exploits: 1
Github Security Blog
added 2022/05/05 2:48 a.m., 35 views

Incorrect Default Permissions in Apache Commons FileUpload

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack...

CVSS: 3.3, AI score: 5.4, EPSS: 0.00068
Exploits: 1, References: 7, Affected Software: 1