Security Bulletin: IBM Security Verify Directory Web Admin Tool Container affected by WebSphere Application Server Liberty Denial‑of‑Service Vulnerability with HTTP/2
Summary IBM Security Verify Directory Web Admin Container has remediated the WebSphere Liberty vulnerabilities CVE-2025-48976 by incorporating the updated WebSphere Liberty runtime levels that include the necessary fixes. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of...
Oracle WebLogic Server (January 2026 CPU)
The 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component:...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for December 2025.
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.1-IF006 and 25.0.0-IF003. These vulnerabilities have been also addressed in 24.0.0-IF005. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficie...
Security Bulletin: Multiple Vulnerabilities affect IBM Tivoli Business Service Manager
Summary IBM Tivoli Netcool Impact is a component of the IBM Tivoli Business Service Manager data server. Multiple vulnerabilities were addressed in IBM Tivoli Netcool Impact version 7.1.1.0 Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with...
Atlassian Jira Service Management Data Center and Server 5.10.0 < 5.12.26 / 10.0.x < 10.3.10 / 10.4.x < 10.7.3 / 11.0.x < 11.2.0 (JSDSERVER-16435)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16435 advisory. - Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability i...
Updated apache-commons-fileupload packages fix security vulnerability
Apache Commons FileUpload: FileUpload DoS via part headers. CVE-2025-48976...
Security Bulletin: Multiple Vulnerabilities in IBM webMethods BPM.
Summary Multiple vulnerabilities were addressed in IBM webMethods BPM. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons...
TencentOS Server 3: tomcat (TSSA-2025:0797)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0797 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale and the Management GUI are now included (CVE-2025-48976)
Summary The following vulnerabilities, which can affect IBM Storage Scale and the Management GUI and could provide weaker-than-expected security, are now fixed in Storage Scale 5.1.9.12 and 5.2.3.3 or higher CVE-2025-48976. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of...
Security Bulletin: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload, (CVE-2025-48976) affects IBM PowerVM Novalink.
Summary A DoS vulnerability in Apache Commons FileUpload before 1.6 and 2.0.0-M4 allows resource exhaustion via multipart headers. Fixed in versions 1.6 and 2.0.0-M4. PowerVM NovaLink has addressed CVE-2025-48976. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for...
RLSA-2025:14178 Important: tomcat9 security update
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
Security Bulletin: IBM SPSS Analytic Server is affected by a Denial of Service (DoS) vulnerability in Apache Commons FileUpload.
Summary IBM SPSS Analytic Server is affected by a Denial of Service (DoS) vulnerability in Apache Commons FileUpload. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits...
ROS-20250911-09
A vulnerability in the Apache Commons FileUpload library is related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
Security Bulletin: The IBM Engineering Test Management product using WebSphere Application Server traditional is affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)
Summary There is a vulnerability in Apache Commons FileUpload which affects IBM WebSphere Application Server traditional and affects IBM WebSphere Application Server Liberty with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. It has been addressed in this...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)
Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service due to Apache Commons FileUpload. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...
tomcat security update
1:9.0.87-3.el96.3 - Resolves: RHEL-102200 tomcat: http/2 'MadeYouReset' DoS attack through HTTP/2 control frames CVE-2025-48989 1:9.0.87-3.el96.2 - Resolves: RHEL-108491 tomcat: Apache Commons FileUpload DOS via part headers CVE-2025-48976 - Resolves: RHEL-108499 tomcat: Dos in multipart upload...
Important: tomcat
Issue Overview: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or...
Apache Commons FileUpload Security Vulnerability
Apache Commons FileUpload is an Apache USA Foundation package that uploads files to Servlets and Web applications. A security vulnerability exists in Apache Commons FileUpload, which stems from an under-allocation of resources and could lead to a denial of service. The following versions are...
PT-2023-21407 · Apache +1 · Apache Commons Fileupload +1
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.393 and earlier Jenkins LTS versions 2.375.3 and earlier Description: The issue allows attackers to trigger a denial of service by exploiting the Apache Commons FileUpload library without specified limits for the number of...
DEBIAN-CVE-2023-24998
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option...