Lucene search
K

560 matches found

AlmaLinux
AlmaLinux
added 2025/08/20 12:0 a.m.17 views

Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat DoS in multipart upload CVE-2025-48988 tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources CVE-2025-49125 apache-commons-fileupload: Apache...

7.5CVSS7.4AI score0.64718EPSS
Exploits1References16
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/15 9:21 a.m.18 views

Security Bulletin: Vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2025-48976)

Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a denial of service attack due to an Apache Commons FileUpload vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerabili...

7.5CVSS6.7AI score0.64718EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/15 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2025-48976

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commo...

7.5CVSS7AI score0.64718EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/08/14 12:0 a.m.10 views

IBM WebSphere Application Server 8.5.x < 8.5.5.29 / 9.x < 9.0.5.26 / Liberty 17.0.0.3 < 25.0.0.9 DoS (7242088)

The version of IBM WebSphere Application Server running on the remote host is affected by a DoS vulnerability as referenced in the 7242088 advisory. - Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affect...

7.5CVSS7.2AI score0.64718EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2016-3092

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x...

7.8CVSS7.3AI score0.35927EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/05 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2016-1000031

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution CVE-2016-1000031 Note that Nessus relies on the presence of the...

9.8CVSS8.5AI score0.34731EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/07/30 3:55 p.m.5 views

apache-commons-fileupload: Apache Commons FileUpload DoS via part headers

A denial-of-service DoS vulnerability has been discovered in the Apache Commons FileUpload library. The flaw stems from insufficient limits placed on multipart headers during file uploads. A remote attacker could exploit this by sending a specially crafted request with an excessively large number...

7.5CVSS7.2AI score0.64718EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2025/07/30 3:51 p.m.9 views

apache-commons-fileupload: Apache Commons FileUpload DoS via part headers

A denial-of-service DoS vulnerability has been discovered in the Apache Commons FileUpload library. The flaw stems from insufficient limits placed on multipart headers during file uploads. A remote attacker could exploit this by sending a specially crafted request with an excessively large number...

7.5CVSS7.2AI score0.64718EPSS
Exploits1References6
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/22 8:23 p.m.7 views

Security Bulletin: IBM Integration Designer is vulnerable to denial of service (CVE-2025-48976, CVE-2025-48924)

Summary Vulnerability in Apache Commons FileUpload and Commons Lang used by IBM Integration Designer. IBM Integration Designer has addressed CVE-2025-48976 and CVE-2025-48924. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient...

7.5CVSS6.8AI score0.64718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/15 6:32 p.m.8 views

Security Bulletin: Apache Commons FileUpload used by IBM InfoSphere Identity Insight has a potential vulnerability (CVE-2025-48976))

Summary Apache Commons FileUpload used by IBM InforSphere Identity Insight provided a hard-coded limit of 10kB for the size of the headers associated with a multipart request. A specially crafted request that used a large number of parts with large headers could trigger excessive memory usage...

7.5CVSS6.8AI score0.64718EPSS
Exploits1Affected Software1
OSV
OSV
added 2025/07/11 12:24 p.m.7 views

OESA-2025-1818 tomcat security update

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Allocation of resources for...

7.5CVSS6.9AI score0.64718EPSS
Exploits1References2
OSV
OSV
added 2025/07/11 12:24 p.m.7 views

OESA-2025-1817 tomcat security update

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Allocation of resources for...

7.5CVSS6.9AI score0.64718EPSS
Exploits1References2
Amazon
Amazon
added 2025/07/10 12:0 a.m.6 views

Important: tomcat

Issue Overview: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or...

7.5CVSS7AI score0.64718EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/07/10 12:0 a.m.9 views

Amazon Linux 2 : tomcat (ALAS-2025-2920)

The version of tomcat installed on the remote host is prior to 7.0.76-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2920 advisory. Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload...

7.5CVSS7.3AI score0.64718EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/07/10 12:0 a.m.15 views

Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2025-1065)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1065 advisory. Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before...

7.5CVSS7.4AI score0.64718EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2025/07/10 12:0 a.m.10 views

Amazon Linux 2 : tomcat, --advisory ALAS2TOMCAT9-2025-020 (ALASTOMCAT9-2025-020)

The version of tomcat installed on the remote host is prior to 9.0.106-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT9-2025-020 advisory. Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Common...

7.5CVSS7.4AI score0.64718EPSS
Exploits1References10
Atlassian
Atlassian
added 2025/07/08 5:9 a.m.19 views

DoS (Denial of Service) Third-Party Dependency in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.4.0, 9.5.0, 9.6.0, 10.0.0, 10.1.0, 10.2.0, and 11.0.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS7.4AI score0.64718EPSS
Exploits1
OPENSUSE Linux
OPENSUSE Linux
added 2025/07/05 12:0 a.m.14 views

apache-commons-fileupload-1.6.0-1.1 on GA media (moderate)

apache-commons-fileupload-1.6.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:15208-1 Rating: moderate Cross-References: CVE-2025-48976 CVSS scores: CVE-2025-48976 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-48976 SUSE : 8.7...

8.7CVSS7.6AI score0.64718EPSS
Exploits1
OSV
OSV
added 2025/07/03 12:0 a.m.3 views

OPENSUSE-SU-2025:15208-1 apache-commons-fileupload-1.6.0-1.1 on GA media

These are all security issues fixed in the apache-commons-fileupload-1.6.0-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS6.9AI score0.64718EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2025/07/02 12:0 a.m.8 views

The vulnerability of the Apache Commons FileUpload library, related to unlimited resource distribution, allows attackers to cause service failures.

The vulnerability of the Apache Commons FileUpload library is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

7.8CVSS6.9AI score0.64718EPSS
Exploits1References6Affected Software3
Rows per page
Query Builder