Commons Fileupload@1.0 Security Vulnerabilities and Issues — Commons Fileupload@1.0 CVE List

Lucene search

ApacheCommons Fileupload1.0

3 matches found

CVE•added 2014/04/01 6:27 a.m.•1804 views

CVE-2014-0050

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.

7.5CVSS7.1AI score0.92678EPSS

CVE•added 2023/02/20 4:15 p.m.•713 views

CVE-2023-24998

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, thenew configuration option (FileUploadBase#setFi...

7.5CVSS7.2AI score0.41119EPSS

CVE•added 2013/03/15 8:55 p.m.•123 views

CVE-2013-0248

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.

3.3CVSS8.2AI score0.00052EPSS