ApacheCommons Fileupload

6 matches found

CVE, added 2014/03/28 7:0 p.m., 1883 views

CVE-2014-0050

This CVE affects Apache Commons FileUpload (MultipartStream.java) before version 1.3.1, as used in Apache Tomcat, JBoss Web, and other products. The root cause is a crafted Content-Type header that bypasses the loop exit conditions, allowing remote attackers to trigger an infinite loop and high C...

7.5 CVSS, 7.1 AI score, 0.83175 EPSS

CVE, added 2023/02/20 3:57 p.m., 842 views

CVE-2023-24998

CVE-2023-24998 arises from Apache Commons FileUpload not limiting the number of request parts, enabling a DoS via a malicious upload or series of uploads. The described issue notes that the related file-count limit (FileUploadBase#setFileCountMax) is not enabled by default and must be configured ...

7.5 CVSS, 7.2 AI score, 0.46836 EPSS

CVE, added 2016/07/04 10:0 p.m., 465 views

CVE-2016-3092

CVE-2016-3092 is a DoS in Apache Commons FileUpload via a crafted long multipart boundary. Affected: Commons FileUpload before 1.3.2 used in Tomcat 7.x up to 7.0.70, Tomcat 8.x up to 8.0.36, Tomcat 8.5.x up to 8.5.3, Tomcat 9.x up to 9.0.0.M7, and other products. Root cause: boundary length trigg...

7.8 CVSS, 7.5 AI score, 0.35927 EPSS

CVE, added 2016/10/25 2:0 p.m., 287 views

CVE-2016-1000031

The CVE-2016-1000031 entry concerns Apache Commons FileUpload prior to version 1.3.3, where DiskFileItem handling allowed remote code execution. Connected advisories show Atlassian Fisheye/Crucible assemblies using a vulnerable library and updating to the safe version; F5 advisories list Traffix ...

9.8 CVSS, 9.5 AI score, 0.34731 EPSS

CVE, added 2025/06/16 3:0 p.m., 249 views

CVE-2025-48976

CVE-2025-48976 is a DoS in Apache Commons FileUpload caused by allocation of resources for multipart headers with insufficient limits. Affected: 1.0 before 1.6 and 2.0.0-M1 before 2.0.0-M4. Impact: potential high-availability disruption. Remediation: upgrade to 1.6 or 2.0.0-M4 (as stated in multi...

7.5 CVSS, 6.5 AI score, 0.63258 EPSS

CVE, added 2013/03/15 1:0 a.m., 144 views

CVE-2013-0248

CVE-2013-0248 affects Apache Commons FileUpload 1.0–1.2.2. The default javax.servlet.context.tempdir uses the /tmp directory for uploads, enabling a local user to overwrite arbitrary files via an unspecified symlink attack. Impact is local, with file overwrite risk; exploitation is local. The con...

3.3 CVSS, 8.2 AI score, 0.0068 EPSS