PT-2014-2048 · Apache+5 · Apache Commons Fileupload+7

Publicado

2014-02-07

·

Atualizado

2024-06-15

·

CVE-2014-0050

CVSS v2.0

7.5

Alta

VetorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Apache Commons FileUpload versions prior to 1.3.1
Description The issue allows remote attackers to cause a denial of service via a crafted Content-Type header that bypasses a loop's intended exit conditions, leading to an infinite loop and CPU consumption. This is due to a bug in the MultipartStream.java file. The vulnerability can be exploited by sending a malformed request with a specially crafted Content-Type header.
Recommendations For Apache Commons FileUpload versions prior to 1.3.1, update to version 1.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the MultipartStream.java file or disabling the processing of mime-multipart requests until a patch is available. Avoid using crafted Content-Type headers in requests to minimize the risk of exploitation.

Exploit

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-264

Identificadores relacionados

ALT-PU-2014-3192
ALT-PU-2016-3249
BDU:2022-03337
CESA-2014_0429
CVE-2014-0050
DSA-2856-1
DSA-2897-1
ELSA-2014-0429
GHSA-XX68-JFCG-XMMF
MGASA-2014-0109
MGASA-2014-0110
OPENSUSE-SU-2024:10262-1
OPENSUSE-SU-2024:10446-1
OPENSUSE-SU-2024:10620-1
OPENSUSE-SU-2024:13441-1
RHSA-2014:0253
RHSA-2014:0429
RHSA-2014:0525
RHSA-2014:0526
RHSA-2014_0429
SUSE-SU-2014_0548-1
USN-2130-1

Produtos afetados

Alt Linux
Apache Commons Fileupload
Apache Struts
Apache Tomcat
Centos
Red Hat
Suse
Vmware Vcenter