
CVE-2023-24998 – Apache Commons FileUpload, Apache Tomcat: FileUpload DoS with excessive parts
https://notcve.org/view.php?id=CVE-2023-24998
20 Feb 2023 — Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may all... • https://github.com/nice1st/CVE-2023-24998 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2016-1000031 – Novell NetIQ Sentinel Commons DiskFileItem Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-1000031
17 Oct 2016 — Apache Commons FileUpload before 1.3.3: DiskFileItem file manipulation leading to remote code execution via deserialization of untrusted data. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell NetIQ Sentinel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the insufficient blacklisting of certain Java objects. The issue lies... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00036.html • CWE-284: Improper Access Control •
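The entry above is a deserialization bug: a serialized DiskFileItem reaching an ObjectInputStream lets an attacker write a file of their choosing. The following is an added example, not code from this page, from Commons FileUpload or from NetIQ Sentinel. It shows the defence an application that must deserialize untrusted bytes should have regardless of the library version: a JEP 290 deserialization filter (java.io.ObjectInputFilter, Java 9 and later) that admits only the classes the application expects and rejects everything else, including org.apache.commons.fileupload.disk.DiskFileItem, before any readObject() runs. The allow-listed classes, the limits and the sample payloads are assumptions made for the example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/**
 * Added example (not from the notcve.org page or from Commons FileUpload):
 * an allow-list deserialization filter. Patterns are matched in order and the
 * first match decides; the trailing "!*" rejects every class not listed before
 * it, which is what keeps DiskFileItem and any other gadget class out.
 */
public class SafeDeserialization {

    // Assumed allow-list for this example: the application only ever expects an
    // ArrayList of Strings. The explicit "!org.apache.commons.fileupload.**" is
    // redundant with "!*" but documents the intent. The limits bound nesting
    // depth, reference count and stream size so a hostile stream cannot exhaust memory.
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "!org.apache.commons.fileupload.**;"
          + "java.util.ArrayList;java.lang.String;"
          + "maxdepth=5;maxrefs=1000;maxbytes=65536;"
          + "!*");

    /** Serializes an object to bytes; stands in for data received from the network. */
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    /** Deserializes with the filter installed on the stream before the first readObject(). */
    static Object deserialize(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(FILTER);
            return ois.readObject();
        }
    }

    /** Returns true if the filter rejected the payload (ObjectInputStream throws InvalidClassException). */
    static boolean isRejected(byte[] data) throws IOException, ClassNotFoundException {
        try {
            deserialize(data);
            return false;
        } catch (InvalidClassException e) {
            return true;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample payloads: one the application expects, one it does not.
        List<String> expected = new ArrayList<>(List.of("field=value"));
        Map<String, String> unexpected = new HashMap<>();
        unexpected.put("k", "v");

        System.out.println("ArrayList<String> accepted: " + !isRejected(serialize(expected)));
        System.out.println("HashMap rejected:           " + isRejected(serialize(unexpected)));
    }
}
```

The same filter can be installed process-wide with the `jdk.serialFilter` system property instead of per stream; the per-stream form is shown because it makes the allow-list visible next to the code that consumes the data.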

CVE-2016-3092 – tomcat: Usage of vulnerable FileUpload package can result in denial of service
https://notcve.org/view.php?id=CVE-2016-3092
30 Jun 2016 — The MultipartStream class in Apache Commons FileUpload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string. ... • http://jvn.jp/en/jp/JVN89379547/index.html • CWE-20: Improper Input Validation •

CVE-2014-0050 – Apache Commons FileUpload and Apache Tomcat - Denial of Service
https://notcve.org/view.php?id=CVE-2014-0050
07 Feb 2014 — MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions. ... • https://packetstorm.news/files/id/180508 • CWE-264: Permissions, Privileges, and Access Controls •
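Both CVE-2016-3092 and CVE-2014-0050 are reached through the multipart Content-Type header: an over-long boundary, or a crafted header that defeats MultipartStream's loop exit. The following is an added example, not code from this page, from Commons FileUpload or from Tomcat. It validates the boundary parameter against the RFC 2046 rules (1 to 70 characters drawn from the bchars set, no trailing space) before the body is handed to any multipart parser, which gives an application that still runs an unpatched library a defence in depth and also rejects obvious garbage early. The sample headers in main are constructed for the example.

```java
import java.util.List;
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Added example (not from the notcve.org page, Commons FileUpload or Tomcat):
 * a pre-parse check of the multipart boundary in a Content-Type header.
 */
public final class MultipartContentTypeCheck {

    private static final int MAX_BOUNDARY_LENGTH = 70; // RFC 2046 section 5.1.1

    // bchars per RFC 2046: DIGIT / ALPHA / "'" / "(" / ")" / "+" / "_" / "," / "-" / "." / "/" / ":" / "=" / "?" / space
    private static final Pattern BCHARS = Pattern.compile("[0-9A-Za-z'()+_,\\-./:=? ]*");

    // boundary=value or boundary="quoted value"; parameter name is case-insensitive
    private static final Pattern BOUNDARY_PARAM =
            Pattern.compile("(?i)(?:^|;)\\s*boundary\\s*=\\s*(?:\"([^\"]*)\"|([^;\\s]*))");

    /** Returns the boundary parameter, or null if the header is not a multipart type or has none. */
    static String extractBoundary(String contentType) {
        if (contentType == null) return null;
        int semi = contentType.indexOf(';');
        String mediaType = (semi < 0 ? contentType : contentType.substring(0, semi))
                .trim().toLowerCase(Locale.ROOT);
        if (!mediaType.startsWith("multipart/") || semi < 0) return null;
        Matcher m = BOUNDARY_PARAM.matcher(contentType.substring(semi));
        if (!m.find()) return null;
        return m.group(1) != null ? m.group(1) : m.group(2);
    }

    /** True only if the header carries a boundary that is syntactically valid per RFC 2046. */
    static boolean isAcceptableMultipart(String contentType) {
        String boundary = extractBoundary(contentType);
        if (boundary == null) return false;
        if (boundary.isEmpty() || boundary.length() > MAX_BOUNDARY_LENGTH) return false;
        if (boundary.endsWith(" ")) return false;   // RFC 2046: boundary must not end with a space
        return BCHARS.matcher(boundary).matches();
    }

    public static void main(String[] args) {
        // Constructed sample headers: a normal browser boundary, an over-long boundary of the
        // kind used against MultipartStream, a header with no boundary, and one with a byte
        // outside bchars.
        List<String> samples = List.of(
            "multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW",
            "multipart/form-data; boundary=" + "A".repeat(4096),
            "multipart/form-data",
            "multipart/form-data; boundary=\"bad\u0001boundary\"");
        for (String ct : samples) {
            String shown = ct.length() > 80 ? ct.substring(0, 77) + "..." : ct;
            System.out.printf("%-6s %s%n", isAcceptableMultipart(ct) ? "ok" : "REJECT", shown);
        }
    }
}
```

In a servlet this check belongs in a Filter that runs before the multipart parser sees the request, answering 400 for a rejected header; the first sample passes, the other three are rejected.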

CVE-2013-0248 – Gentoo Linux Security Advisory 202107-39
https://notcve.org/view.php?id=CVE-2013-0248
15 Mar 2013 — The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack. ... • http://archives.neohapsis.com/archives/bugtraq/2013-03/0035.html • CWE-264: Permissions, Privileges, and Access Controls •
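Two entries on this page are settled by configuration rather than by an upgrade alone: the part-count limit for CVE-2023-24998 is off by default even in FileUpload 1.5, and the /tmp default behind CVE-2013-0248 is avoided by giving DiskFileItemFactory an explicit repository. The following is an added example of a ServletFileUpload configured for both; it is not code from this page or from Commons FileUpload. It assumes commons-fileupload 1.5 (the 1.x line, javax.servlet API), a POSIX filesystem for the 0700 directory mode, and limit values chosen only to illustrate the calls.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.List;

import javax.servlet.http.HttpServletRequest;

import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;

/**
 * Added example (not from the notcve.org page or from Commons FileUpload).
 *  - CVE-2023-24998: setFileCountMax caps the number of parts per request
 *    (FileUpload 1.5 and later; disabled by default like setSizeMax/setFileSizeMax).
 *  - CVE-2013-0248: an explicit owner-only repository directory replaces the
 *    /tmp default, so another local user cannot plant symlinks where spooled
 *    upload files are written.
 * Limit values and the directory name are assumptions made for the example.
 */
public final class HardenedUpload {

    static final long MAX_PARTS = 20;                        // assumed: parts per request
    static final long MAX_FILE_BYTES = 5L * 1024 * 1024;     // assumed: per uploaded file
    static final long MAX_REQUEST_BYTES = 25L * 1024 * 1024; // assumed: whole request
    static final int MEMORY_THRESHOLD = 64 * 1024;           // larger files spill to the repository

    /** Returns a private spool directory under base, creating it with mode 0700 if needed. */
    static Path privateRepository(Path base) throws IOException {
        Path dir = base.resolve("upload-spool");   // assumed name
        if (!Files.isDirectory(dir)) {
            Files.createDirectories(dir,
                PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rwx------")));
        }
        if (Files.isSymbolicLink(dir)) {            // refuse a planted symlink at the spool path
            throw new IOException("repository path is a symlink: " + dir);
        }
        return dir;
    }

    /** Builds the upload handler with every limit set explicitly; none of them is on by default. */
    static ServletFileUpload newUpload(Path repository) {
        DiskFileItemFactory factory = new DiskFileItemFactory();
        factory.setSizeThreshold(MEMORY_THRESHOLD);
        factory.setRepository(repository.toFile());  // explicit, instead of java.io.tmpdir

        ServletFileUpload upload = new ServletFileUpload(factory);
        upload.setFileCountMax(MAX_PARTS);           // CVE-2023-24998 mitigation, FileUpload >= 1.5
        upload.setFileSizeMax(MAX_FILE_BYTES);
        upload.setSizeMax(MAX_REQUEST_BYTES);
        return upload;
    }

    /** Parses the request; exceeding any limit fails with FileUploadException before parts pile up. */
    static List<FileItem> parse(HttpServletRequest request, Path repository) throws FileUploadException {
        if (!ServletFileUpload.isMultipartContent(request)) {
            throw new FileUploadException("not a multipart request");
        }
        return newUpload(repository).parseRequest(request);
    }
}
```

Call privateRepository once at startup (for example from a ServletContextListener) and reuse the path; creating it per request would reintroduce a race on the directory. Tomcat users who rely on the container's own multipart handling rather than this library should check their Tomcat release notes for the equivalent part-count limit, which this page does not cover.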