All the vulnerabilites related to Apache Software Foundation - Commons FileUpload
jvndb-2014-000017
Vulnerability from jvndb
Published
2014-02-10 17:21
Modified
2016-12-27 11:49
Summary
Apache Commons FileUpload vulnerable to denial-of-service (DoS)
Details
Apache Commons FileUpload contains a denial-of-service (DoS) vulnerability.
Apache Commons FileUpload provided by Apache Software Foundation contains an issue in processing a multi-part request, which may cause the process to be in an infinite loop.
As of 2014 February 12, an exploit tool to attack against this vulnerability has been confirmed.
Hitachi Incident Response Team (HIRT) reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | http://jvn.jp/en/jp/JVN14876762/index.html | |
| CVE | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050 | |
| NVD | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 | |
| Related document | http://advisories.mageia.org/MGASA-2014-0110.html | |
| Improper Input Validation(CWE-20) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000017.html",
"dc:date": "2016-12-27T11:49+09:00",
"dcterms:issued": "2014-02-10T17:21+09:00",
"dcterms:modified": "2016-12-27T11:49+09:00",
"description": "Apache Commons FileUpload contains a denial-of-service (DoS) vulnerability.\r\n\r\nApache Commons FileUpload provided by Apache Software Foundation contains an issue in processing a multi-part request, which may cause the process to be in an infinite loop.\r\n\r\nAs of 2014 February 12, an exploit tool to attack against this vulnerability has been confirmed.\r\n\r\nHitachi Incident Response Team (HIRT) reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000017.html",
"sec:cpe": [
{
"#text": "cpe:/a:apache:commons_fileupload",
"@product": "Commons FileUpload",
"@vendor": "Apache Software Foundation",
"@version": "2.2"
},
{
"#text": "cpe:/a:apache:tomcat",
"@product": "Apache Tomcat",
"@vendor": "Apache Software Foundation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000017",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN14876762/index.html",
"@id": "JVN#14876762",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050",
"@id": "CVE-2014-0050",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050",
"@id": "CVE-2014-0050",
"@source": "NVD"
},
{
"#text": "http://advisories.mageia.org/MGASA-2014-0110.html",
"@id": "MGASA-2014-0110",
"@source": "Related document"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Apache Commons FileUpload vulnerable to denial-of-service (DoS)"
}
jvndb-2016-000121
Vulnerability from jvndb
Published
2016-06-30 13:53
Modified
2018-01-29 10:30
Severity ?
Summary
Apache Commons FileUpload vulnerable to denial-of-service (DoS)
Details
Apache Commons FileUpload provided by the Apache Software Foundation contains a flaw when processing multi-part requests, which may lead to a denial-of-service (DoS).
TERASOLUNA FW(Struts1) Team of NTT DATA Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN89379547/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092 | |
| NVD | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3092 | |
| Improper Input Validation(CWE-20) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000121.html",
"dc:date": "2018-01-29T10:30+09:00",
"dcterms:issued": "2016-06-30T13:53+09:00",
"dcterms:modified": "2018-01-29T10:30+09:00",
"description": "Apache Commons FileUpload provided by the Apache Software Foundation contains a flaw when processing multi-part requests, which may lead to a denial-of-service (DoS).\r\n\r\nTERASOLUNA FW(Struts1) Team of NTT DATA Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000121.html",
"sec:cpe": [
{
"#text": "cpe:/a:apache:commons_fileupload",
"@product": "Commons FileUpload",
"@vendor": "Apache Software Foundation",
"@version": "2.2"
},
{
"#text": "cpe:/a:apache:struts",
"@product": "Apache Struts",
"@vendor": "Apache Software Foundation",
"@version": "2.2"
},
{
"#text": "cpe:/a:apache:tomcat",
"@product": "Apache Tomcat",
"@vendor": "Apache Software Foundation",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
{
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000121",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN89379547/index.html",
"@id": "JVN#89379547",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092",
"@id": "CVE-2016-3092",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3092",
"@id": "CVE-2016-3092",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Apache Commons FileUpload vulnerable to denial-of-service (DoS)"
}