Lucene search
K

2996 matches found

Positive Technologies
Positive Technologies
added 2014/04/30 12:0 a.m.8 views

PT-2014-1716

Name of the Vulnerable Software and Affected Versions Apache Commons BeanUtils versions 1.8.0 through 1.9.2 Apache Struts versions 1.x through 1.3.10 Description The issue allows remote attackers to manipulate the ClassLoader and execute arbitrary code via the class parameter. This can be...

7.5CVSS7.1AI score0.96121EPSS
Exploits4References208
Tenable Nessus
Tenable Nessus
added 2014/04/24 12:0 a.m.43 views

Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20140423)

It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this fla...

7.5CVSS6.8AI score0.83175EPSS
Exploits12References5
RedHat Linux
RedHat Linux
added 2014/04/23 6:27 p.m.7 views

apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream

A denial of service flaw was found in the way Apache Commons FileUpload, which is embedded in Tomcat and JBoss Web, handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing Tomcat to enter...

7.5CVSS6.7AI score0.83175EPSS
Exploits8References4
F5 Networks
F5 Networks
added 2014/04/18 12:0 a.m.65 views

SOL15189 - Apache Commons FileUpload vulnerability CVE-2014-0050

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.5CVSS1.7AI score0.83175EPSS
Exploits8References5
CVE
CVE
added 2014/04/17 2:0 p.m.56 views

CVE-2014-0111

CVE-2014-0111 affects Apache Syncope: remote code execution via Apache Commons JEXL expressions in areas such as derived schema definition, user/role templates, and account links of resource mappings. Impact is that a authenticated administrator could inject and execute arbitrary Java code on the...

6.5CVSS7.6AI score0.03284EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2014/04/17 2:0 p.m.36 views

CVE-2014-0111

Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."...

7.4AI score0.03284EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2014/04/14 1:46 p.m.7 views

apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream

A denial of service flaw was found in the way Apache Commons FileUpload, which is embedded in Tomcat and JBoss Web, handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing Tomcat to enter...

7.5CVSS6.7AI score0.83175EPSS
Exploits8References4
RedHat Linux
RedHat Linux
added 2014/04/14 1:46 p.m.48 views

Moderate: Red Hat Security Advisory: Red Hat JBoss A-MQ 6.1.0 update

Red Hat JBoss A-MQ 6.1.0, which fixes multiple security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS bas...

7.5CVSS6.6AI score0.91354EPSS
Exploits10References12
RedHat Linux
RedHat Linux
added 2014/04/14 1:46 p.m.4 views

apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream

A denial of service flaw was found in the way Apache Commons FileUpload, which is embedded in Tomcat and JBoss Web, handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing Tomcat to enter...

7.5CVSS6.7AI score0.83175EPSS
Exploits8References4
NVD
NVD
added 2014/04/05 2:55 p.m.25 views

CVE-2014-2600

Unspecified vulnerability in HP IceWall Identity Manager 4.0 through SP1 and 5.0 and IceWall SSO 10.0 Password Reset Option, when Apache Commons FileUpload is used, allows remote authenticated users to cause a denial of service via unknown vectors...

4CVSS6.2AI score0.01233EPSS
Exploits0References1
Prion
Prion
added 2014/04/05 2:55 p.m.13 views

Design/Logic Flaw

Unspecified vulnerability in HP IceWall Identity Manager 4.0 through SP1 and 5.0 and IceWall SSO 10.0 Password Reset Option, when Apache Commons FileUpload is used, allows remote authenticated users to cause a denial of service via unknown vectors...

4CVSS6.7AI score0.01233EPSS
Exploits0References1Affected Software2
ATTACKERKB
ATTACKERKB
added 2014/04/05 2:55 p.m.2 views

CVE-2014-2600

Unspecified vulnerability in HP IceWall Identity Manager 4.0 through SP1 and 5.0 and IceWall SSO 10.0 Password Reset Option, when Apache Commons FileUpload is used, allows remote authenticated users to cause a denial of service via unknown vectors...

4CVSS5.6AI score0.01233EPSS
Exploits0References3
CVE
CVE
added 2014/04/05 2:0 p.m.46 views

CVE-2014-2600

CVE-2014-2600 affects HP IceWall Identity Manager 4.0–SP1, 5.0 and HP IceWall SSO 10.0 Password Reset Option when Apache Commons FileUpload is used. The vulnerability allows remote authenticated users to cause a Denial of Service via unknown vectors. HP/SSRT bulletin HPSBGN02986 rev.1 documents t...

4CVSS6.4AI score0.01233EPSS
Exploits0References1Affected Software2
RedHat Linux
RedHat Linux
added 2014/04/03 9:19 p.m.8 views

Moderate: Red Hat Security Advisory: Apache Commons Fileupload and JBoss Web security update

An update for the Apache Commons Fileupload and JBoss Web components that fixes two security issues is now available from the Red Hat Customer Portal for Red Hat JBoss BRMS 6.0.1 and Red Hat JBoss BPM Suite 6.0.1. The Red Hat Security Response Team has rated this update as having Moderate securit...

7.5CVSS6.6AI score0.83175EPSS
Exploits10References5
RedHat Linux
RedHat Linux
added 2014/04/03 9:19 p.m.6 views

apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream

A denial of service flaw was found in the way Apache Commons FileUpload, which is embedded in Tomcat and JBoss Web, handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing Tomcat to enter...

7.5CVSS6.7AI score0.83175EPSS
Exploits8References4
NVD
NVD
added 2014/04/01 6:27 a.m.31 views

CVE-2014-0050

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted Content-Type header that bypasses a loop's intended exit conditions...

7.5CVSS7.3AI score0.83175EPSS
Exploits8References69
OSV
OSV
added 2014/04/01 6:27 a.m.3 views

DEBIAN-CVE-2014-0050

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted Content-Type header that bypasses a loop's intended exit conditions...

7.5CVSS6.9AI score0.83175EPSS
Exploits8References1
OSV
OSV
added 2014/04/01 6:27 a.m.8 views

CVE-2014-0050

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted Content-Type header that bypasses a loop's intended exit conditions...

7.5CVSS6.3AI score0.83175EPSS
Exploits8References71
Prion
Prion
added 2014/04/01 6:27 a.m.25 views

Design/Logic Flaw

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted Content-Type header that bypasses a loop's intended exit conditions...

7.5CVSS6.9AI score0.83175EPSS
Exploits8References69Affected Software3
CVE
CVE
added 2014/03/28 7:0 p.m.1890 views

CVE-2014-0050

This CVE affects Apache Commons FileUpload (MultipartStream.java) before version 1.3.1, as used in Apache Tomcat, JBoss Web, and other products. The root cause is a crafted Content-Type header that bypasses the loop exit conditions, allowing remote attackers to trigger an infinite loop and high C...

7.5CVSS7.1AI score0.83175EPSS
Exploits8References69Affected Software1
Rows per page
Query Builder