560 matches found
Important: tomcat security update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat DoS in multipart upload CVE-2025-48988 tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources CVE-2025-49125 apache-commons-fileupload: Apache...
Security Bulletin: Vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2025-48976)
Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a denial of service attack due to an Apache Commons FileUpload vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerabili...
Linux Distros Unpatched Vulnerability : CVE-2025-48976
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commo...
IBM WebSphere Application Server 8.5.x < 8.5.5.29 / 9.x < 9.0.5.26 / Liberty 17.0.0.3 < 25.0.0.9 DoS (7242088)
The version of IBM WebSphere Application Server running on the remote host is affected by a DoS vulnerability as referenced in the 7242088 advisory. - Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affect...
Linux Distros Unpatched Vulnerability : CVE-2016-3092
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x...
Linux Distros Unpatched Vulnerability : CVE-2016-1000031
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution CVE-2016-1000031 Note that Nessus relies on the presence of the...
apache-commons-fileupload: Apache Commons FileUpload DoS via part headers
A denial-of-service DoS vulnerability has been discovered in the Apache Commons FileUpload library. The flaw stems from insufficient limits placed on multipart headers during file uploads. A remote attacker could exploit this by sending a specially crafted request with an excessively large number...
apache-commons-fileupload: Apache Commons FileUpload DoS via part headers
A denial-of-service DoS vulnerability has been discovered in the Apache Commons FileUpload library. The flaw stems from insufficient limits placed on multipart headers during file uploads. A remote attacker could exploit this by sending a specially crafted request with an excessively large number...
Security Bulletin: IBM Integration Designer is vulnerable to denial of service (CVE-2025-48976, CVE-2025-48924)
Summary Vulnerability in Apache Commons FileUpload and Commons Lang used by IBM Integration Designer. IBM Integration Designer has addressed CVE-2025-48976 and CVE-2025-48924. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient...
Security Bulletin: Apache Commons FileUpload used by IBM InfoSphere Identity Insight has a potential vulnerability (CVE-2025-48976))
Summary Apache Commons FileUpload used by IBM InforSphere Identity Insight provided a hard-coded limit of 10kB for the size of the headers associated with a multipart request. A specially crafted request that used a large number of parts with large headers could trigger excessive memory usage...
OESA-2025-1818 tomcat security update
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Allocation of resources for...
OESA-2025-1817 tomcat security update
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Allocation of resources for...
Important: tomcat
Issue Overview: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or...
Amazon Linux 2 : tomcat (ALAS-2025-2920)
The version of tomcat installed on the remote host is prior to 7.0.76-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2920 advisory. Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload...
Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2025-1065)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1065 advisory. Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before...
Amazon Linux 2 : tomcat, --advisory ALAS2TOMCAT9-2025-020 (ALASTOMCAT9-2025-020)
The version of tomcat installed on the remote host is prior to 9.0.106-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT9-2025-020 advisory. Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Common...
DoS (Denial of Service) Third-Party Dependency in Bamboo Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 9.4.0, 9.5.0, 9.6.0, 10.0.0, 10.1.0, 10.2.0, and 11.0.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
apache-commons-fileupload-1.6.0-1.1 on GA media (moderate)
apache-commons-fileupload-1.6.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:15208-1 Rating: moderate Cross-References: CVE-2025-48976 CVSS scores: CVE-2025-48976 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-48976 SUSE : 8.7...
OPENSUSE-SU-2025:15208-1 apache-commons-fileupload-1.6.0-1.1 on GA media
These are all security issues fixed in the apache-commons-fileupload-1.6.0-1.1 package on the GA media of openSUSE Tumbleweed...
The vulnerability of the Apache Commons FileUpload library, related to unlimited resource distribution, allows attackers to cause service failures.
The vulnerability of the Apache Commons FileUpload library is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...