7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.028 Low
EPSS
Percentile
90.3%
Apache Commons FileUpload is vulnerable to Denial Of Service (DoS). The vulnerability exists because the default configuration doesn’t limit the number of request parts to be processed which allows an attacker to submit an upload with unlimited file parts, resulting in Denial of Service.
www.openwall.com/lists/oss-security/2023/05/22/1
commons.apache.org/proper/commons-fileupload/apidocs/org/apache/commons/fileupload/FileUploadBase.html#setFileCountMax-long-
commons.apache.org/proper/commons-fileupload/security-reports.html
github.com/advisories/GHSA-hfrx-6qgj-fp6c
github.com/apache/commons-fileupload/commit/e20c04990f7420ca917e96a84cec58b13a1b3d17
lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy
lists.debian.org/debian-lts-announce/2023/10/msg00020.html
security.gentoo.org/glsa/202305-37
www.debian.org/security/2023/dsa-5522
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.028 Low
EPSS
Percentile
90.3%